Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:756299
MD5:2816bacd01b0d8c48f1d8714c6aa6f0f
SHA1:474ae88d9cf093dcb9789cb7b79513e0dbd38388
SHA256:637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
Tags:exe
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:50
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Writes many files with high entropy
May use bcdedit to modify the Windows boot settings
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Stores large binary data to the registry
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
OS version to string mapping found (often used in BOTs)
Drops PE files
Tries to load missing DLLs
Registers a DLL

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • file.exe (PID: 5860 cmdline: C:\Users\user\Desktop\file.exe MD5: 2816BACD01B0D8C48F1D8714C6AA6F0F)
    • sc.exe (PID: 5932 cmdline: C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel" MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 5976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • sc.exe (PID: 6056 cmdline: C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel" MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 6068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • sc.exe (PID: 4856 cmdline: C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor" MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 2128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • sc.exe (PID: 6140 cmdline: C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor" MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 4620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • sc.exe (PID: 780 cmdline: C:\Windows\System32\sc.exe config ShMonitor start= auto MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 1316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • sc.exe (PID: 4720 cmdline: C:\Windows\System32\sc.exe config EsgShKernel start= auto MD5: D79784553A9410D15E04766AAAB77CD6)
      • conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 5648 cmdline: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
    • EsgInstallerDelay__0.exe (PID: 5680 cmdline: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args MHLPvv2eVF5BDDAj57kaKhLlRzVl3TCPBu81sCtfDvA= -wait 300 MD5: EDCE372DE488AA221DA7DB7544C09B3E)
      • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • EsgInstallerDelay__1.exe (PID: 4816 cmdline: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args hOGTiE/QHFPjrWqL1njGygtJtFEVLgswO/2BlkHQX4U= -wait 300 MD5: EDCE372DE488AA221DA7DB7544C09B3E)
      • conhost.exe (PID: 640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
No configs have been found
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Rule: MALWARE_Win_EXEPWSH_DLAgent
Description: Detects SystemBC
Author: ditekSHen
Strings:
  • 0xd946f8:$pwsh: powershell
  • 0xd35b48:$s2: User-Agent:
  • 0x10069f8:$s4: LdrLoadDll
  • 0xc35367:$v6: start
  • 0xc3d08b:$v6: start
  • 0xc468ae:$v6: start
  • 0xc468c6:$v6: start
  • 0xc63dac:$v6: start
  • 0xc653d0:$v6: start
  • 0xc6c3d7:$v6: start
  • 0xc6c417:$v6: start
  • 0xc6c457:$v6: start
  • 0xc6ca7c:$v6: start
  • 0xc6e627:$v6: start
  • 0xc9b9fc:$v6: start
  • 0xc9ba30:$v6: start
  • 0xc9bc43:$v6: start
  • 0xc9bc72:$v6: start
  • 0xca2efc:$v6: start
  • 0xca2f30:$v6: start
  • 0xca30d9:$v6: start
No Sigma rule has matched
No Snort rule has matched

Source: file.exe, 00000000.00000000.307752092.0000000000F18000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exe Directory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: file.exe Static PE information: certificate valid
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000010.00000000.431892110.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__0.exe, 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__1.exe, 00000012.00000000.432408354.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp, EsgInstallerDelay__1.exe, 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Joe Sandbox View IP Address: 89.187.165.194
Source: license.txt.0.dr String found in binary or memory: ftp://ftp.fu-berlin.de/unix/NetBSD/NetBSD-release
Source: license.txt.0.dr String found in binary or memory: http://busybox.net/.
00000000.00000003.314128688.000000000375E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: file.exe, 00000000.00000003.315953806.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315469526.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314954924.00000000036F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314385874.0000000003750000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314527260.0000000003750000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315034798.0000000003750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: file.exe, 00000000.00000003.315953806.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315469526.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314954924.00000000036F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crlo
Source: file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl
Source: file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315022907.0000000003748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl00Z
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.dig
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310142242.00000000013CB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.310104230.00000000013CB000.00000004.00000020.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SH
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.d
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer
Source: file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315022907.0000000003748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer?F
Source: license.txt.0.drString found in binary or memory: http://gcc.gnu.org/.
Source: license.txt.0.drString found in binary or memory: http://git.kernel.org/.
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigP
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftw
Source: file.exe, 00000000.00000003.313155756.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfg
Source: file.exe, 00000000.00000003.313155756.00000000036E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfg/item
Source: file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/log_collect.cfgxXo
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.8
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354614255.0000000003730000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357973484.0000000003730000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320308100.0000000003730000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpdata.dat.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320294871.00000000037BF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318290161.00000000037C3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318261182.00000000037C0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_acpwl.dat.ecf0
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_albanian.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_swedish.lng.ecf
Source: file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ec
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecf
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_ukrainian.lng.ecf
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecfv
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfcpdaY
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfx
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf/sh5
Source: file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/5.13a
Source: file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
Source: file.exe, 00000000.00000003.318789483.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfE1B
Source: file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfExter
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecf
Source: file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecfO
Source: file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
Source: file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf1
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/sh5/def/latest_def.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 
http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_initrd.gz.ecfH
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_shldr.mbr.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://installer.enigmasoftware.com/shos5/3.18.5/sh5_vmlinuz.ecf
Source: license.txt.0.drString found in binary or memory: http://metadata.ftp-master.debian.org/changelogs/main/libs/libselinux/libselinux_2.7-2_copyright.
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.di
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicer
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert
Source: file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecf0Sx
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_japanese.lng.ecff
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_korean.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_license.txt.ecf$
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecfh;a
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecf6
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecfj
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 
https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_polish.lng.ecfe
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecfP6v
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_serbian.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_slovene.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecf
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_spanish.lng.ecfh
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_swedish.lng.ecf
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecf
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_ukrainian.lng.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_ukrainian.lng.ecftyQ
Source: file.exe, 00000000.00000003.321861929.0000000004653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_nat
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecfQ
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecfx
Source: file.exe, 00000000.00000003.323733614.0000000004653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shk
Source: file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf9v
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shkernel.exe.ecfU
Source: file.exe, 00000000.00000003.356879226.0000000004653000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.359675123.0000000004653000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357827841.0000000004653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shm
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354770220.0000000003765000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_shshellext.dll.ecfDX/
Source: file.exe, 00000000.00000003.359675123.0000000004653000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spy
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.ex
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exe.ecf
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecf
Source: file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shkernel.exe.ecfpdata.L
Source: file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shmonitor.exe.ecf
Source: file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecf
Source: file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecf
Source: file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecf
Source: file.exe, 00000000.00000003.318789483.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319248303.00000000045D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/2022080401.def.ecfW
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def.pro/latest_def.ecf
Source: file.exe, 00000000.00000003.318099499.00000000045D9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def/2022110703.def.ecf
Source: file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def/2022110703.def.ecfN
Source: file.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def/latest_def.ecf
Source: file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://installer.enigmasoftware.com/sh5/def/latest_def.ecfs(h
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.enigmasoftware.com/forgot-password/85000.0doc
Source: file.exe, 00000000.00000003.319956372.00000000046BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://purchase.enigmasoftware.com
Source: file.exe, 00000000.00000003.313172689.00000000036F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://purchase.enigmasoftware.com/purchase_spyhunter.php?sid=lav&dc=H2O75
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sh.downloads.enigmasoft.net/sh/def/updates/%1%/%2%_updates.ecf
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sh.downloads.enigmasoft.net/sh/ticket_problem_types/https://purchase.enigmasoftware.com/spyh
Source: license.txt.0.drString found in binary or memory: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/edge/tree/COPYING
Source: license.txt.0.drString found in binary or memory: https://sourceforge.net/projects/grub4dos/
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php10-100enigmasoftwa
Source: file.exe, 00000000.00000003.315923741.00000000036E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php?hwx=%HWID%&lng=%L
Source: file.exe, 00000000.00000003.314954924.00000000036F4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315520405.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314995142.0000000003720000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tt.web.enigmasoftware.com/analytics_all/callback_functions/tt_callback.php?hwx=%HWID%&sid=%S
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354322508.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.309854839.00000000013BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/about-us/inquiries-feedback/).
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315210907.00000000037A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315277815.00000000037BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315318515.00000000037C2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/enigmasoft-discount-terms/.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/
Source: file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315277815.00000000037BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315318515.00000000037C2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/enigmasoft-privacy-policy/;
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/program-uninstall-steps/.
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/sh/license.txt.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/spyhunter-additional-terms-conditions/.
Source: file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/spyhunter-eula/.
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/spyhunter-remover-details/#windows
Source: file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315210907.00000000037A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315399289.000000000378C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315428724.0000000003797000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.enigmasoftware.com/support/
Source: license.txt.0.drString found in binary or memory: https://www.freebsd.org/copyright/license.html
Source: license.txt.0.drString found in binary or memory: https://www.gnu.org/licenses/lgpl-3.0.html.
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/batch
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/batch%1%
Source: license.txt.0.drString found in binary or memory: https://www.qt.io/terms-conditions/
Source: unknownDNS traffic detected: queries for: geo-ip.enigmasoft.net
Source: global trafficHTTP traffic detected: GET /location HTTP/1.1Host: geo-ip.enigmasoft.netUser-Agent: Installer/3.0.819.5050 (Windows NT 10.0; Win64; x64 )Accept: */*Content-Type: application/json
Source: global trafficHTTP traffic detected: GET /location HTTP/1.1Host: geo-ip.enigmasoft.netUser-Agent: Installer/3.0.819.5050 (Windows NT 10.0; Win64; x64 )Accept: */*Content-Type: application/json
Source: global trafficHTTP traffic detected: GET /sh5/latest.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/filelist.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/setup.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/def/latest_def.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/def.pro/latest_def.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_native.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shkernel.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shmonitor.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_spyhunter5.exe.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_license.txt.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_english.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_albanian.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_bulgarian.lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_chinese_(simplified).lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global trafficHTTP traffic detected: GET /sh5/5.13.15.81/sh5_chinese_(traditional).lng.ecf HTTP/1.1Host: installer.enigmasoftware.comUser-Agent: Installer/3.0.819.5050Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_croatian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_czech.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_danish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_dutch.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_finnish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_french.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_german.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_greek.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_hungarian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_indonesian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_italian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_japanese.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_korean.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_lithuanian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_norwegian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_polish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_portuguese_(brazil).lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_portuguese_(portugal).lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_romanian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_russian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_serbian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_slovene.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_spanish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_swedish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_turkish.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_ukrainian.lng.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/def/2022110703.def.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/def.pro/2022080401.def.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_acpdata.dat.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_acpwl.dat.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /sh5/5.13.15.81/sh5_x64_shshellext.dll.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /analytics_all/callback_functions/tt_callback.php?hwx=f74bebcde5492865145449b104425025&lng=EN&page_type=downloader&pid=1010&sid=lav&uid=0&user_agent=SH5%2C5%2E13%2E15%2E81%7CWindows%2C10%2E0%2E0%2E0%2E17134%2Cx64%7Clav%7Cf74bebcde5492865145449b104425025 HTTP/1.1; Host: tt.web.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: */*
Source: global traffic; HTTP traffic detected: GET /log_collect.cfg HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: */*
Source: global traffic; HTTP traffic detected: GET /shos5/3.18.5/sh5_initrd.gz.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /shos5/3.18.5/sh5_shldr.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /shos5/3.18.5/sh5_shldr.mbr.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe
Source: global traffic; HTTP traffic detected: GET /shos5/3.18.5/sh5_vmlinuz.ecf HTTP/1.1; Host: installer.enigmasoftware.com; User-Agent: Installer/3.0.819.5050; Accept: application/octet-stream, application/exe

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\file.exe; File created: C:\sh5ldr\vmlinuz; entropy: 7.99836962763
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng; entropy: 7.99609971693
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng; entropy: 7.99595141601
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng; entropy: 7.99680078701
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng; entropy: 7.99711126287
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng; entropy: 7.99623035502
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Finnish.lng; entropy: 7.99615411913
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\French.lng; entropy: 7.99671313322
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\German.lng; entropy: 7.99580751358
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Greek.lng; entropy: 7.99705640146
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Hungarian.lng; entropy: 7.99689859487
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng; entropy: 7.99572990145
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng; entropy: 7.99581949466
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng; entropy: 7.99666220285
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng; entropy: 7.99615643718
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Indonesian.lng; entropy: 7.9957351524
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Italian.lng; entropy: 7.9965164076
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Japanese.lng; entropy: 7.9961756396
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Korean.lng; entropy: 7.99693442691
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Lithuanian.lng; entropy: 7.99626718925
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Norwegian.lng; entropy: 7.99690916426
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Polish.lng; entropy: 7.99635386591
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Brazil).lng; entropy: 7.99562562154
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Portuguese (Portugal).lng; entropy: 7.99640862281
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Romanian.lng; entropy: 7.99641530631
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Russian.lng; entropy: 7.99701029921
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Serbian.lng; entropy: 7.99604698987
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Slovene.lng; entropy: 7.99606091645
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Spanish.lng; entropy: 7.99638398778
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Swedish.lng; entropy: 7.99555096602
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Turkish.lng; entropy: 7.99631936477
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Ukrainian.lng; entropy: 7.99690213117
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\full.def; entropy: 7.99980150219
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\Defs\Rh\full.dat; entropy: 7.99721527657
Source: C:\Users\user\Desktop\file.exe; File created: C:\Program Files\EnigmaSoft\SpyHunter\data\acpwl.dat; entropy: 7.99684565062
Source: C:\Users\user\Desktop\file.exe; File created: C:\sh5ldr\initrd.gz; entropy: 7.99524171727

System Summary

Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED; Matched rule: Detects SystemBC Author: ditekSHen
Source: file.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, type: DROPPED; Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe; Code function: String function: 00007FF6B0AB9450 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe; Code function: String function: 00007FF728019450 appears 65 times
Source: ShKernel.exe.0.dr; Static PE information: Resource name: BIN type: PE32+ executable (native) x86-64, for MS Windows
Source: ShKernel.exe.0.dr; Static PE information: Resource name: BIN type: PE32+ executable (native) Aarch64, for MS Windows
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: SpyHunter5.exe.0.dr; Static PE information: Resource name: RT_RCDATA type: COM executable for DOS
Source: file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameEnigmaFileMonDriver.sys8 vs file.exe
Source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameShKernel.exe6 vs file.exe
Source: file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: originalFilename vs file.exe
Source: file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameNative.exe0 vs file.exe
Source: file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameShMonitor.exe6 vs file.exe
Source: file.exe; Binary or memory string: OriginalFilenameInstaller.exe4 vs file.exe
Source: C:\Windows\System32\regsvr32.exe; Section loaded: sfc.dll
Source: C:\Users\user\Desktop\file.exe; File read: C:\Users\user\Desktop\file.exe
Source: file.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config ShMonitor start= auto
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config EsgShKernel start= auto
Source: C:\Windows\System32\sc.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args MHLPvv2eVF5BDDAj57kaKhLlRzVl3TCPBu81sCtfDvA= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args hOGTiE/QHFPjrWqL1njGygtJtFEVLgswO/2BlkHQX4U= -wait 300
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe config ShMonitor start= auto
Source: Uninstall.lnk.0.drLNK file: ..\..\..\..\..\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: classification engineClassification label: sus26.rans.winEXE@27/51@55/7
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT key FROM ItemTable;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT creation_utc FROM cookies WHERE creation_utc = %I64d;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: create table 'log_item' (id INTEGER PRIMARY KEY, name TEXT, scan_type INTEGER, starttime TEXT, endtime TEXT, signature_version TEXT, requested_by TEXT, scan_count INTEGER, threat_count INTEGER, status INTEGER NOT NULL, FOREIGN KEY(status) REFERENCES scan_status(status_id));
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT path FROM log_item_data WHERE log_item_id='%1%' AND status=1 LIMIT 1000;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT creation_utc FROM cookies WHERE creation_utc = %I64d;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select id, name, host from moz_cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT origin, type, permission FROM moz_perms;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id, name, host FROM moz_cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: create table 'guard_alert' (alert_id INTEGER PRIMARY KEY, timestamp INTEGER, pid INTEGER, ppath TEXT, path TEXT, size INTEGER, md5 TEXT, company_name TEXT, file_desc TEXT, file_version TEXT, is_malware INTEGER, scan_status TEXT);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT creation_utc, host_key, name FROM cookies;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT `%s` FROM `%s` WHERE `%s` LIKE ?;MalwareObjSqliteRow::ExistsExists check failed. DB Exception occured: %s
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id FROM moz_cookies WHERE id=%I64d;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: create table 'scan_status' (id INTEGER PRIMARY KEY, status_id INTEGER, name TEXT);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO scan_status (status_id, name) VALUES (0, 'Started'); INSERT INTO scan_status (status_id, name) VALUES (1, 'Completed'); INSERT INTO scan_status (status_id, name) VALUES (2, 'Interrupted by user'); INSERT INTO scan_status (status_id, name) VALUES (3, 'Failed');
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: create table 'log_item_data' (id INTEGER PRIMARY KEY, log_item_id INTEGER NOT NULL, timestamp TEXT, detection_id INTEGER, path TEXT, title TEXT, status INTEGER, FOREIGN KEY(log_item_id) REFERENCES log_item(id) ON UPDATE CASCADE ON DELETE CASCADE);
Source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select scope, key from webappsstore2;
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2128:120:WilError_01
Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ESGInstaller_MTX
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6068:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4620:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1316:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:640:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5476:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_01
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft
Source: file.exeString found in binary or memory: >Repair/Reinstall
Source: file.exeString found in binary or memory: tInstall">Install</item> <item sid="sidOptModify">Repair/Reinstall</item> <item sid="sidOptUninstall">Uninstall</item>
Source: file.exeString found in binary or memory: ext">Do you really want to exit the installation wizard?</item> <item sid="sidInitInstaller">Initializing Installer...</item> <item sid="sidOptInstall">Install</item> <item sid="sidOptModify">Repair/Reinstall</item> <item sid="sidOp
Source: file.exeString found in binary or memory: set-addPolicy
Source: file.exeString found in binary or memory: id-cmc-addExtensions
Source: file.exeString found in binary or memory: BootExecuteHKLM\SYSTEM\ device partition= /addlast\registry\machine\registry\userHKLM\SYSTEMcontrolsetqwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-171023896-http://<![CDATA[]]><!DOCTYPE><!----><PRE></PRE>&amp;&lt;&gt;&quot;&apos;]>+%d.%d.%d.%dvoid __thiscall boost::scoped_array<unsigned char>::reset(unsigned char *)
Source: C:\Users\user\Desktop\file.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exeStatic file information: File size 6881256 > 1048576
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\purl.dat
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\English.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Albanian.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Bulgarian.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Simplified).lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Chinese (Traditional).lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Croatian.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Czech.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Danish.lng
Source: C:\Users\user\Desktop\file.exeDirectory created: C:\Program Files\EnigmaSoft\SpyHunter\Languages\Dutch.lng
Source: file.exeStatic PE information: certificate valid
Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x436400
Source: file.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x115e00
Source: file.exeStatic PE information: More than 200 imports for KERNEL32.dll
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\Win32\Installer.pdb source: file.exe
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_crypto\dh\dh_lib.c%*s<EMPTY> source: file.exe
Source: Binary string: D:\GIT\esginstaller\_Builds\Release\win32\DelayStart-x64.pdb source: EsgInstallerDelay__0.exe, 00000010.00000000.431892110.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__0.exe, 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp, EsgInstallerDelay__1.exe, 00000012.00000000.432408354.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp, EsgInstallerDelay__1.exe, 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\nativeapp\objfre_wnet_amd64\amd64\Native.pdb source: file.exe, 00000000.00000003.321989813.00000000046AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323476159.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356933248.00000000046A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321750400.00000000046B8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354249037.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358203857.00000000046AB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShKernel.pdb source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\bamboo-agent-home\xml-data\build-dir\SH5-S5P-JOB1\sh5\builds\Release-x64\ShMonitor.pdb\ source: file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356452731.0000000005E61000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357073778.0000000005B2D000.00000004.00000800.00020000.00000000.sdmp, ShMonitor.exe.0.dr
Source: Binary string: type_idOTHERNAMEnameAssignerpartyNameEDIPARTYNAMEd.otherNamed.rfc822Named.dNSNamed.x400Addressd.directoryNamed.ediPartyNamed.uniformResourceIdentifierd.iPAddressd.registeredIDGENERAL_NAMEGeneralNamesGENERAL_NAMESCERTIFICATEcrypto\x509\x509name.cname=compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\dh\dh_lib.c%*s<EMPTY> source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdbGCTL source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-x64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Sources\spyhunter5\Drivers\builds\Release-ARM64\EnigmaFileMonDriver.pdb source: file.exe, 00000000.00000003.350522863.0000000007D31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAESNI_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -D_USING_V110_SDK71_ source: file.exe
Source: Binary string: compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmp, ShKernel.exe.0.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_3_036E807C push eax; iretd 0_3_036E807E
Source: C:\Users\user\Desktop\file.exeCode function: 0_3_036E7003 push EA530B46h; retf 0_3_036E6FF1
Source: C:\Users\user\Desktop\file.exeCode function: 0_3_036E6EB4 push EA530B46h; retf 0_3_036E6FF1
Source: C:\Users\user\Desktop\file.exeCode function: 0_3_036E819E push edi; iretd 0_3_036E819F
Source: ShShellExt.dll.0.drStatic PE information: section name: _RDATA
Source: ShKernel.exe.0.drStatic PE information: section name: _RDATA
Source: ShMonitor.exe.0.drStatic PE information: section name: _RDATA
Source: SpyHunter5.exe.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728014B80 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,16_2_00007FF728014B80
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
Source: file.exeBinary or memory string: Mclass RcFile *__thiscall boost::shared_ptr<class RcFile>::operator ->(void) const:\bootmgrHKLM\SYSTEM\CurrentControlSet\Control\Session Manager%WINDIR%\system32\bcdedit.exe\shldr\vmlinuz\spyhunter.mbr:\ntldr\initrd.gz\shldr.mbr\shldr_frs_stage1_winxp\shldr_frs_stage1_vista_plus::spyhunter.fixd
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\Desktop\file.exeFile created: C:\Program Files\EnigmaSoft\SpyHunter\license.txt
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\esg_setup.log
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\Uninstall.lnk
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
Source: C:\Users\user\Desktop\file.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter5 UninstallActions
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe TID: 5676Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe TID: 1920Thread sleep time: -300000s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\Native.exe
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeThread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeThread delayed: delay time: 300000
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728004308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF728004308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728014B80 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,16_2_00007FF728014B80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728016130 GetProcessHeap,HeapFree,16_2_00007FF728016130
Source: C:\Users\user\Desktop\file.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728004308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF728004308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF72800BD10 SetUnhandledExceptionFilter,16_2_00007FF72800BD10
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728007DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF728007DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF728004050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF728004050
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: 18_2_00007FF6B0AA4308 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF6B0AA4308
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: 18_2_00007FF6B0AABD10 SetUnhandledExceptionFilter,18_2_00007FF6B0AABD10
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: 18_2_00007FF6B0AA7DC8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00007FF6B0AA7DC8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: 18_2_00007FF6B0AA4050 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FF6B0AA4050
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: EnumSystemLocalesA,16_2_00007FF728014124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s,16_2_00007FF728014190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,16_2_00007FF728013A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: _getptd,GetLocaleInfoA,16_2_00007FF728013B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: GetLocaleInfoA,16_2_00007FF728013C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,16_2_00007FF728013CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: GetLocaleInfoW,16_2_00007FF728015554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA,16_2_00007FF7280155B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: _getptd,GetLocaleInfoA,16_2_00007FF728013F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: GetLocaleInfoA,16_2_00007FF7280147E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: EnumSystemLocalesA,16_2_00007FF728014090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s,18_2_00007FF6B0AB4190
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,18_2_00007FF6B0AB3A4C
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: _getptd,GetLocaleInfoA,18_2_00007FF6B0AB3B50
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,18_2_00007FF6B0AB3CEC
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: GetLocaleInfoA,18_2_00007FF6B0AB3C38
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: GetLocaleInfoW,18_2_00007FF6B0AB5554
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA,18_2_00007FF6B0AB55B0
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: GetLocaleInfoA,18_2_00007FF6B0AB47E8
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: _getptd,GetLocaleInfoA,18_2_00007FF6B0AB3F80
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: EnumSystemLocalesA,18_2_00007FF6B0AB4124
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exeCode function: EnumSystemLocalesA,18_2_00007FF6B0AB4090
Source: C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exeCode function: 16_2_00007FF72802A270 swprintf,GetSystemTime,swprintf,GetCurrentThreadId,swprintf,16_2_00007FF72802A270
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: if esg.sys.winVersion() > esg.c.WIN_XP then
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: if esg.sys.winVersion() < esg.c.WIN_7 then return end
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: if esg.sys.winVersion() > esg.c.WIN_XP then
Source: file.exe, 00000000.00000003.319011044.000000000468F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WIN_7
Source: file.exe, 00000000.00000003.320281146.00000000037BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: if esg.sys.winVersion() <= esg.c.WIN_XP then
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 2 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Service Execution | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Modify Registry | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 1 Native API | 1 Bootkit | 1 Registry Run Keys / Startup Folder | 21 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | 22 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Regsvr32 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Behavior Graph ID: 756299, Sample: file.exe, Startdate: 30/11/2022, Architecture: WINDOWS, Score: 26
[Behavior graph. Signatures shown: "Malicious sample detected (through community Yara rule)", "Writes many files with high entropy". DNS/IP nodes: installer.enigmasoftware.com, esg-installer.b-cdn.net (89.187.165.194, CDN77GB, Czech Republic), www.google.com (172.217.168.68, GOOGLEUS, United States), 6 other IPs or domains. Files dropped by file.exe: C:\sh5ldr\vmlinuz (Linux), C:\sh5ldr\initrd.gz (gzip), C:\Program Files\EnigmaSoft\...\acpwl.dat (data), 42 other files (33 malicious). Processes started by file.exe: EsgInstallerDelay__0.exe, EsgInstallerDelay__1.exe, sc.exe, 6 other processes; these in turn start conhost.exe.]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| file.exe | 0% | ReversingLabs | | |
| file.exe | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe | 2% | ReversingLabs | | |
| C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe | 0% | ReversingLabs | | |
| C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll | 0% | ReversingLabs | | |
| C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe | 0% | ReversingLabs | | |
| C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe | 0% | ReversingLabs | | |
| C:\sh5ldr\shldr | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://ocsp.di | 0% | URL Reputation | safe | |
| http://crt.rootca1.amazontrust.com/rootca1.cer?F | 0% | Avira URL Cloud | safe | |
| https://api.enigmasoft.nethttps://www.enigmasoftware.comhttps://clicktoverify.truste.com/pvr.php?pag | 0% | Avira URL Cloud | safe | |
| http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe | |
| http://crl.rootca1.amazontrust.com/rootca1.crl00Z | 0% | Avira URL Cloud | safe | |
| http://wwwigmasoftware.com | 0% | Avira URL Cloud | safe | |
| http://ocsp.digicer | 0% | Avira URL Cloud | safe | |
| http://cacerts.digice | 0% | Avira URL Cloud | safe | |
| https://installer.enigmas | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| geo-ip.enigmasoft.net | 108.156.60.13 | true | false | | unknown |
| esg-installer.b-cdn.net | 89.187.165.194 | true | false | | high |
| www.google.com | 172.217.168.68 | true | false | | high |
| tt.web.enigmasoftware.com | 34.240.252.91 | true | false | | high |
| installer.enigmasoftware.com | unknown | unknown | false | | high |
                                                                                                            high
                                                                                                            http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_shshellext.dll.ecffile.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.entrust.net/CRL/net1.crl0file.exe, 00000000.00000003.314778740.000000000377C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314191668.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315022907.0000000003748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314756371.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314286862.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.314500513.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_native.exe.ecfxfile.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://metadata.ftp-master.debian.org/changelogs/main/libs/libselinux/libselinux_2.7-2_copyright.license.txt.0.drfalse
                                                                                                                    high
                                                                                                                    http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_spyhunter5.exe.ecffile.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320224382.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358157188.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354882287.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_hungarian.lng.ecffile.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_lithuanian.lng.ecffile.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_croatian.lng.ecffile.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_turkish.lng.ecffile.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.entrust.net/CRL/net1.crl?file.exe, 00000000.00000003.314341362.000000000373C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://ocsp.digicerfile.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://purchase.enigmasoftware.comfile.exe, 00000000.00000003.319956372.00000000046BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.openssl.org/)license.txt.0.drfalse
                                                                                                                                    high
                                                                                                                                    http://installer.enigmasoftware.com/sh5/def/latest_def.ecffile.exe, 00000000.00000003.319371589.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354649211.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320331324.0000000003742000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318903127.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319054877.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318159585.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317516604.000000000377B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357986510.000000000373F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.rootca1.amazontrust.com/rootca1.crl00Zfile.exe, 00000000.00000003.311425167.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311492040.00000000036F8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311473796.00000000036EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_norwegian.lng.ecffile.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358064247.0000000003765000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://myaccount.enigmasoftware.com/forgot-password/85000.0docfile.exe, 00000000.00000003.347374820.0000000007805000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://cacerts.digicefile.exe, 00000000.00000003.311769779.0000000003720000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.311788079.000000000372D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x64_spyfile.exe, 00000000.00000003.359675123.0000000004653000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://gcc.gnu.org/.license.txt.0.drfalse
                                                                                                                                              high
                                                                                                                                              http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_czech.lng.ecffile.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://installer.enigmasfile.exe, 00000000.00000003.357927517.0000000004649000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354428445.000000000464A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318817304.000000000464B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.359589995.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354119711.0000000004647000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356177203.0000000004649000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357884791.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356852384.0000000004640000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318124490.000000000464B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319196227.000000000464B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323711242.0000000004647000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319967620.0000000004638000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360246601.000000000463A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.321840103.0000000004647000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://www.enigmasoftware.com/enigmasoft-discount-terms/.file.exe, 00000000.00000003.315331018.0000000003738000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315277815.00000000037BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315059263.00000000045D1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315604144.0000000004609000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315158498.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315318515.00000000037C2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.315577689.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.enigmasoftware.com/program-uninstall-steps/.file.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecffile.exe, 00000000.00000003.360203497.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320086157.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318219912.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317377759.00000000037BC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317309702.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354372004.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.357727954.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323614116.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.358141483.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319223934.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320207898.000000000379A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317599068.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318728545.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319142324.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318042871.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356744275.0000000004602000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.356312411.0000000004601000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_russian.lng.ecffile.exe, 00000000.00000003.322052982.0000000004605000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.354856588.000000000379A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_x86_native.exfile.exe, 00000000.00000003.319116524.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319463976.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318232812.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317562863.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318932583.00000000037A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.ubuntu.com/.license.txt.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_bulgarian.lng.ecfty;file.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://installer.enigmasoftware.com/sh5/5.13.15.81/sh5_romanian.lng.ecfP6vfile.exe, 00000000.00000003.318130688.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319333315.0000000003743000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.317410255.0000000003740000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319421336.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.319035280.000000000375D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.320160249.0000000003758000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.318878554.000000000375B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
IP              Domain                     Country         ASN    ASN Name     Malicious
172.217.168.68  www.google.com             United States   15169  GOOGLEUS     false
108.156.60.13   geo-ip.enigmasoft.net      United States   16509  AMAZON-02US  false
34.240.252.91   tt.web.enigmasoftware.com  United States   16509  AMAZON-02US  false
89.187.165.194  esg-installer.b-cdn.net    Czech Republic  60068  CDN77GB      false
108.156.60.111  unknown                    United States   16509  AMAZON-02US  false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756299
Start date and time: 2022-11-30 00:27:58 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 28s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: file.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Run with higher sleep bypass
Number of new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus26.rans.winEXE@27/51@55/7
EGA Information: Failed
HDC Information:
• Successful, ratio: 99.9% (good quality ratio 92.6%)
• Quality average: 69.1%
• Quality standard deviation: 29.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 30
• Number of non-executed functions: 218
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 172.217.168.46
• Excluded domains from analysis (whitelisted): www.google-analytics.com
• Execution Graph export aborted for target EsgInstallerDelay__0.exe, PID 5680 because there are no executed functions
• Execution Graph export aborted for target EsgInstallerDelay__1.exe, PID 4816 because there are no executed functions
• Execution Graph export aborted for target file.exe, PID 5860 because there are no executed functions
• Not all processes were analyzed; report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                  No simulations
Match | Associated Sample Name / URL | Detection | Context
89.187.165.194 | Setup.exe | malicious | heufheuwh.b-cdn.net/chrome.exe
 | http://static.s123-cdn-static-d.com | malicious | static.s123-cdn-static-d.com/
 | http://static.s123-cdn-static-d.com/uploads/4458163/normal_60b1d1ff0c046.pdf | malicious | static.s123-cdn-static-d.com/uploads/4458163/normal_60b1d1ff0c046.pdf
 | http://static.s123-cdn-static-d.com | malicious | static.s123-cdn-static-d.com/
                                                                                                                                                                                                  No context
                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                                  No context
                                                                                                                                                                                                  No context
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61376
                                                                                                                                                                                                  Entropy (8bit):7.99721527656712
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:oGRxST1xi3yoeuedpBKgmS0ITGUTdZWz4Hae4:jSTvineonITvT7Wzte4
                                                                                                                                                                                                  MD5:A23943F49D9212F92A2444941A00870B
                                                                                                                                                                                                  SHA1:8E2C8C6A4039A4A83D9294721043E842A48E7893
                                                                                                                                                                                                  SHA-256:3316093484F7F93128B03E4671EAE32B077A022386958E113C329ECEDC3FF3C8
                                                                                                                                                                                                  SHA-512:70B3E388DB46A0430734C783F4248B11E1E86F56AF9F2F4BF3FA288BFCA49AA2EFAE6B9AE297907CCFFBDD1D4117DDF13AF4F89C669C0AFF4CC9C6DF4324C92D
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1048576
                                                                                                                                                                                                  Entropy (8bit):7.999801502191134
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:24576:2lmosBfrRo4tk4wUJvBV2nfyI0RCwQWMLR6LdnEWA:GmosBfrRdwUJv72nfK5QWM9sdE3
                                                                                                                                                                                                  MD5:2303D457188A51F3B4489FDA4A2FF611
                                                                                                                                                                                                  SHA1:1D533E082AC8A75417484D94CEF1427A0B91EA37
                                                                                                                                                                                                  SHA-256:ECC9D5C17BBED89660FD22552D51405CB4FDC81C060D026495C3D3EAFFEE8FCD
                                                                                                                                                                                                  SHA-512:31EC5900E2465C0979C229C6ACA7CC3E0AC3D9663FF4040099EB6EEE0C7D4AC0F5A49CEB381E3106DA7E6259A24D0DEC649BA988B64A2078FFB7664952EEC20C
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):50848
                                                                                                                                                                                                  Entropy (8bit):7.995819494658591
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:6Tng6NVUAhysyLo8oo4kDemCWBvLw8+7K5dzO:6Tng6fRhyswo8h4kDemCX8SKba
                                                                                                                                                                                                  MD5:976CB008B4902CA8F7B0FAFD67CC8D7F
                                                                                                                                                                                                  SHA1:B7FB11F06C534EA450EAB52B20B18565211282BE
                                                                                                                                                                                                  SHA-256:C5060390FEBD5CC803490444E7AECCE91E837CCD4ED257BA6CF8F9063450972F
                                                                                                                                                                                                  SHA-512:FD177E34D0C2F8FD5E45674C78F662F62EB7ED471F3E73C3E520B2E9846AA8E548541AB91978BE4AA150489E1C1ABD34E26AA5B3E8F380F2780C5B1FD8E45DD3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56704
                                                                                                                                                                                                  Entropy (8bit):7.9966622028475305
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:ASfranQjTDA8Rs1qUTdAjCwW/L5T84SRa:bosPAes1/aewaLJ8xa
                                                                                                                                                                                                  MD5:6618E83905AE4F765661C05EAB36A4FC
                                                                                                                                                                                                  SHA1:3430296DEC76D4B0B94EC96BE8E9B173E5FC17EE
                                                                                                                                                                                                  SHA-256:D63DA339D437AD9254862F9E9A103272E0B7D61A6B2018512E270791F07551AE
                                                                                                                                                                                                  SHA-512:8389B1324506014BAB8D21276ABEF4DCAE4148F21267238FDD814E764A8BF310F677FE6A2103EC2EB1FBB657154B5A625BBEAA13CDC9DFBCB88535A38B961A0B
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):44544
                                                                                                                                                                                                  Entropy (8bit):7.9961564371757055
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:08drReUlmrdsecBBjXHOAm2nqkn1ogUKkVc6spAjwZRI3VPjpUIF3oCqSG:71m4jXKk14HPwnC3VLpF3iSG
                                                                                                                                                                                                  MD5:04FCFAA2CAC93ED7A9BE17B254EAA8B7
                                                                                                                                                                                                  SHA1:F7A1DE255EC9639651248095020CEF09ABE883C5
                                                                                                                                                                                                  SHA-256:9A07B678314123FD9750EF745AFD988449AC88B190E358B5658B18A01343DEA4
                                                                                                                                                                                                  SHA-512:CFB2CEF6D9029450A1B5426B6CE28AD858A547DFE5DE7070C1EC9B0EE07E4179D1D14DE5A910B099A30A6ED9C6758CBABFE6E8ADB3BF2BFC3E447889E3B76F8A
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):44960
                                                                                                                                                                                                  Entropy (8bit):7.996099716929491
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:QNsB32GtAfawAkaskx2iJgFQpTxgmPjvXQpy7aSreTcJS+vv1vAOXWQBWfsd:os12yAfT5dg1JhpbPj4w2SreTclv9IOJ
                                                                                                                                                                                                  MD5:0BEF946652554363402BE05E41015BBB
                                                                                                                                                                                                  SHA1:93891647EA0CB636541505F9DC045AE8A9D4616C
                                                                                                                                                                                                  SHA-256:EC337520003B26095204172841E21F097C5DFE34C1105097E20E9FA2AB832D5A
                                                                                                                                                                                                  SHA-512:465536C80112FA83235ADF31B8A4E7976030112DC064C4B2681380D962DFD02A16E8BF18F562A60F6F36891060817E29A7323B2E95B834E3C5D0899955521528
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49120
                                                                                                                                                                                                  Entropy (8bit):7.9959514160114304
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:BtraZA4guj6hHy/kRqRhiXIWOr4mm36MYwx9AnGytdmtTfew1XQI0NAjNVV8JGCT:Bx42SkqT8IWi4Fvynvtdmx6NAJVVmGCT
                                                                                                                                                                                                  MD5:D36F2FB4D4614620274FB5B6C7B74DBD
                                                                                                                                                                                                  SHA1:C878FBA0B13B820467A3A6DFABBF7685938CCBF1
                                                                                                                                                                                                  SHA-256:4425CC691D8602F9DA0166419D06E945DA46AFC1E7B96573B3AD1FA036816301
                                                                                                                                                                                                  SHA-512:7A0F7343D70E2B6DED9256F5D07501247CB3D48817F081A7EA9303FA4874A8E2B19DB0197C766CD05F0445DBC1C72C929F8451695D64BDA8040078E4E0E9E095
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51392
                                                                                                                                                                                                  Entropy (8bit):7.996800787014128
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:p+HtA7Mu2wL/FB99QKYlc7az00MtSHGSS7ot5ZKBP:pZMf2/2c76RG77aKt
                                                                                                                                                                                                  MD5:191C5A8C60F25F69D4F943485B52B787
                                                                                                                                                                                                  SHA1:23827A4424723CA84EBD8AB4F724D8A3F847CD40
                                                                                                                                                                                                  SHA-256:53F153AF1CE3DA8FAEBE4B4D24F50FC460F85438AC4F4DC0BE1BE68B6A9E6BA8
                                                                                                                                                                                                  SHA-512:151B1934F3D1162D5F0111DF4BC8EFD7D34B94C7347AD79AB131FB7986D29BAF0313F8BE3245FEF49F34498A057AD93EA50CD3DCB3483288844D0AB7DD45F428
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):47136
                                                                                                                                                                                                  Entropy (8bit):7.99711126287396
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:psVmvfwZNnX1uHqX2DXiBwwlT6isbRL9Qiw24aTk2wMcgyON9rexw2oR:WsfwTnqWmQwtNp1bpTiMcTM96CP
                                                                                                                                                                                                  MD5:0985C9DAA23F1700CA990265AE158BC3
                                                                                                                                                                                                  SHA1:C6DA87C9801716989188DFF6F651F01EA3CD5BFF
                                                                                                                                                                                                  SHA-256:C19A7356DD44ADF14C62D253CB88B5E83C11283E7CB57A29FA68AC20F1840EFD
                                                                                                                                                                                                  SHA-512:9F5768270AFA4728B734EB7420A8FF4A82826364A81A53A6DEDDDAB9528EF4DD8748E0C8E0B825AF9F78D3E0EEC99D890FFDCE30B0812F354E0BE2EF5A0FD203
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48320
                                                                                                                                                                                                  Entropy (8bit):7.996230355017293
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:dAr9iBSGU9AG6FT6OP348PsKlx72ZN8dOG4DDAIREKMRErUGKJ/:w4BSGU9AG2T6i3dhg8cFD0IR1MR8UGKl
                                                                                                                                                                                                  MD5:7E3368BD8F799DCE730BED0D85BCDC9A
                                                                                                                                                                                                  SHA1:0DFDFE81C81806D9CB5A6BD7913455F4E3A34A9A
                                                                                                                                                                                                  SHA-256:782743FB4BBD79488D1DF851C5A26C01CDE4BEE285B7EB451CF24E063AE723B4
                                                                                                                                                                                                  SHA-512:AC8FDA6F6EF00A15E6371420144EA9F53321493A8F4533ABBEAA9CA24322D9358D81E130EA15C909D687345130F54ADA33BB76BD8C486F2CDF64AD85F4750422
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42784
                                                                                                                                                                                                  Entropy (8bit):7.995729901452885
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:Cv3VkgFj7UnG7+bAkmzx1eWHmVypmUIXOv+4/4t7muef3jOEb:43VbPEG7c5m1RQ1X4mr2b
                                                                                                                                                                                                  MD5:CDC4212F25766779E915F5189862523F
                                                                                                                                                                                                  SHA1:FAF1A8BDCD8F0A460BEF210C7AD72841F6504059
                                                                                                                                                                                                  SHA-256:E2A0515CF459BC2C60D1C849C52ADD6928CEDD0460A1C60E81DFB9966C8A95E0
                                                                                                                                                                                                  SHA-512:D99E0AD932B6E9D2E2881781B3A0B55C67C41C9BD4D184C1B2C29F1F50D1E4D0EE22DCB3F0B9B30CB3D296DE67F5D12D873A9BE729277A6CCB2F87227A4887B2
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48512
                                                                                                                                                                                                  Entropy (8bit):7.996154119133664
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:+s+NSaq94nPlAXHyIbHbKKMOxRGUbxAPk/DvKWr3C2TyOf45bWbAvvTat9yHruzq:TXl4AFTmKhGUuPIuWrpya40Avr/GnZi/
                                                                                                                                                                                                  MD5:0B286A1B30CE5C89E2F9300BB8254286
                                                                                                                                                                                                  SHA1:B974D6DFBC5FE1BC89A62AFC86F6DF6948209D54
                                                                                                                                                                                                  SHA-256:610426F80771C20488BEBABA11B69DD0E32B3F7B1CA25EC4714792EE6F48C8F0
                                                                                                                                                                                                  SHA-512:19F56A34676FA176A01917127E7FAA8ABAA20C136B1F120CF0A3855E31D863EDB3CD7287A572E8C78AF2F904C0EBECE906F7BBC04F6D7FFBE833C69DD59A0D6D
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48224
                                                                                                                                                                                                  Entropy (8bit):7.9967131332237615
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:4mioRiouNLX1LAycAs0i/aNpB+5n1P6Wur90/O96Hv69H9PIQPGfSLlt:Pi4iomXJ3zNpBQmo6N9DG6LX
                                                                                                                                                                                                  MD5:5592FD72F10D4DEA1D0810B2857D8632
                                                                                                                                                                                                  SHA1:4BA8A9BCADF7DFC6B10EAB0F0AD138E5A6C451C6
                                                                                                                                                                                                  SHA-256:516EF58F2C62EB4C2B797586A24869C0A9DFD816E4D80DC79C1DB7E2AA334142
                                                                                                                                                                                                  SHA-512:443C875E496A7A0BCAA87402597F7F69A1196E2D63259E17E8F40589B407039D9762176D2A731B50E26FC4AA99658F0D880459AE19177AF85943C3ABF4A6DF8B
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49504
                                                                                                                                                                                                  Entropy (8bit):7.995807513580829
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:/Et3lCkAJLjP5t+GavecrMfYAx3jUN4UR+gN8kP1THWt39FA4sXgqpRUcdGHb3m:G3471H5uuZ3oN4eJ8c1jWnEpldArm
                                                                                                                                                                                                  MD5:9FA1C4183C3E9F5849B29483B2685C14
                                                                                                                                                                                                  SHA1:0BE0F1FDE03E1619CA45A014F72779FADE00B804
                                                                                                                                                                                                  SHA-256:BAE08EA9A1C7969161C5CD640266A4D4CFC676DA5F09476A69C2088D0EC62C3B
                                                                                                                                                                                                  SHA-512:0A57DBEA7ED6290C6843C228237991D5A722A8BDBCDC0FE7A93381B16D4265A28C257D8D6C211FD3B7E54B82A0D8985F08C379EBCFF329CCF9D3E930A2009099
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60096
                                                                                                                                                                                                  Entropy (8bit):7.997056401458807
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:4NCSRPBRJaHcdxJWn2hF+RHfPrH6KDIk2w08lv5Vy+DQ:8RP0GW2hF+Q0lK+DQ
                                                                                                                                                                                                  MD5:50989BE42BCE3389348A4E9BB0193E77
                                                                                                                                                                                                  SHA1:6F1FE6159CF951D267A6C5714420C45C92FA1A8A
                                                                                                                                                                                                  SHA-256:92E2302F8300B415C33F1EAE6FE51F419FE9411768126C09B216B53EF3208ADF
                                                                                                                                                                                                  SHA-512:ED0BA9FC76FB42A3EE160188419F07942DD0AA44B165A369A49849959AFEA63080B1B571C47D2A95F37575C0F6D72A5B8C061B439EBB9E0A027FA63E6C520D21
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51392
                                                                                                                                                                                                  Entropy (8bit):7.9968985948672096
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:gOrpeqUFMgGt03zi+NcYO8VhV1BX8QLpkwhWy6lGbVWEsHwxQaGZ:gOLU2g91Oyz1BX80hAl4l7K
                                                                                                                                                                                                  MD5:E21947E89D81EAA19307098634A1CDA3
                                                                                                                                                                                                  SHA1:990A6AB4CD228298769BE7A6494317F56BCD05DC
                                                                                                                                                                                                  SHA-256:13AF244A480AFCEEF13E6E68D1FD88C3C6640463771B26A01B8EF693F55DB008
                                                                                                                                                                                                  SHA-512:E5D789680077B2C261E9DF1845BAAC9BCFE26BE5A7CA7631DC1438E627277981A2CFBCC056A7A75B9B6B7790347381BCA8EAA39CB2DBDA79DEE954836CA0A464
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):45440
                                                                                                                                                                                                  Entropy (8bit):7.995735152404058
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:6J3jbt4FakmnyjdmO2V2CYOsbRhWtE7o4t6t+M9jkCMr5:Y3jhkmyjdzt5lRw4tUjjVQ
                                                                                                                                                                                                  MD5:AFB1C96541A1206C84101DD39633AB07
                                                                                                                                                                                                  SHA1:1B19ED3188A2AE9637165F4B5FF14FA5F97A9111
                                                                                                                                                                                                  SHA-256:37BC59193E038B46894CD3E30D42FA1F941F518FE9EF5CFDB9362B69D1629FC1
                                                                                                                                                                                                  SHA-512:76E1CDBC2741544D8652B659974575AB89BE4D55933BEA54D46F651C611B8F03048897717AA5A5E539FAA1D6E5B725DF6445FFF8C6C5C6B321B87B3378F27D93
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48032
                                                                                                                                                                                                  Entropy (8bit):7.996516407599824
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:kHqb6Olqm2afhUwNpJt3Lh1kOYjryiBuCVaOW48dDaaMEc9p97HNod+UMiz0iHpI:kHqeOl3EcbcOgBJaOR8dDaabc3bO+kgz
                                                                                                                                                                                                  MD5:9BABEC3C08A0821FB723C033645FF0F4
                                                                                                                                                                                                  SHA1:8B8F635835FA7C20EC9ACE4079497D46324D4602
                                                                                                                                                                                                  SHA-256:8090349E7F670AC61E1A4FE8DE6FFBCDDEED052314CB32750EE5C954472F7C77
                                                                                                                                                                                                  SHA-512:1DB6FFB564CD0C007E303C0CEE0F02DB7EF9D43AB81544D1C2B136B0B6F3460AE2F7A990290D7CC3908D1CB0E0282BDE6FA512CF14C518C7A6C17A18028B9DFA
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):50752
                                                                                                                                                                                                  Entropy (8bit):7.996175639604411
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:jeBnCzg40bF/wWp+JW0PSgMjDUJeKv5qqWRQ:6og4+rAVM3rHQ
                                                                                                                                                                                                  MD5:63740682BD394B8D4D3979C5268C3B7F
                                                                                                                                                                                                  SHA1:7E74D5DA436498C9974A5F70A4100C7975A08529
                                                                                                                                                                                                  SHA-256:3EC5988B0964907BBE6E6110816EE8575F74E13DBA84287B733112EE4654010C
                                                                                                                                                                                                  SHA-512:0A12634F4190FB4F0C6F6D3C837B1FF6F3EAC21AB1765E704D50CDBCE0AD86423529E581457D3C0D391C2F865637B0C59C2DE502D40A7C9500E64AB300D8CA92
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46944
                                                                                                                                                                                                  Entropy (8bit):7.99693442690835
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:wzrYIbPKk6EWhJh49XQo9/BHoRJZ8xSJLG7e4X4d4aSKh0cdtdARp:yrDL6dYN1SdGS4C4aBh0ctAD
                                                                                                                                                                                                  MD5:9B82EDF3F29CD98E20BE6F1F0373083F
                                                                                                                                                                                                  SHA1:795CA4F5A4CC91D59848E0D609D805035AE9EEF7
                                                                                                                                                                                                  SHA-256:1CAB512FB90AB3E6A6F42DFDF648AE7288CA5EF8EB55426C1FA829B292DB55C7
                                                                                                                                                                                                  SHA-512:9770426D8AF8F039FEB5AC949B5F532D816F5CF966536122AF8AEAB832105EA3E90C1A87427808DD1E3E5E7C1FFEFC8E222D427A1D0DB1E667514E1185A71D18
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49856
                                                                                                                                                                                                  Entropy (8bit):7.996267189250834
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:TLwOaTJnmSTLxnaE7ofsu3kFTQC2TWnjYvXW/abGFM:TLwO4Jn3TLhn2C2TWkvG/8
                                                                                                                                                                                                  MD5:E6A368A35D709E63C7BEA7AC035FEF55
                                                                                                                                                                                                  SHA1:2EBE9159DCF29EADC4CECEB052C78F1E061916E1
                                                                                                                                                                                                  SHA-256:F648CF9D6AB1E7F726CF5822477C09F069C7FF1F5CF752AC03767A896E239478
                                                                                                                                                                                                  SHA-512:D2AA3193A8FE6CB6A7C8053FC615AEF565F0999A147291D3BFD34CADAF85CABACA62787C7D06997DF18402BBD04DB8C95BC6A99164407B5949536160B089F1F3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):45984
                                                                                                                                                                                                  Entropy (8bit):7.996909164261379
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:QdNA/Y1o3lc2skDufiksq1EOv/spccjTl8HYGR0Pv3T5yyet+rd060ydi0OGuEiW:mAg1o3l3DOiW1EOnsycjTl8HFqA66VyX
                                                                                                                                                                                                  MD5:58437B307A946DE05E7D5CF7EF06A134
                                                                                                                                                                                                  SHA1:C93C8397F08976F6D741741F3B9C7F50946CC1B3
                                                                                                                                                                                                  SHA-256:49EF1BF1188AAFDBAB8BA546113B4C5792016386077047CC16BCC30534CE362C
                                                                                                                                                                                                  SHA-512:188D27AF0C86466DBCAF797C92F46C9281A91910384EF061BB8F4AB89062E567489EDAA8FB7C0C06B5B0FD331FEDD24EE25D50F3CF6E2D2D8E78F4D28C583E58
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):50560
                                                                                                                                                                                                  Entropy (8bit):7.99635386590933
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:qkvdPVG9smQCA1CMo6XJEGGfC4/p4g1EQrVmuLj+yQWCRKj0aaPbZr3z2BdOpypu:qcGs46bF814g1EQrcuLj+3f9VPp+ja
                                                                                                                                                                                                  MD5:85A7A579403177C9E3E60A25987AF90B
                                                                                                                                                                                                  SHA1:E8EFDC66C30DC0C07FB4557C3143F471C9E37053
                                                                                                                                                                                                  SHA-256:1D1E541BF51C145AA6AA6BCBEB7BDCC431B35594AFF6FA2DADDE44E65F733FD1
                                                                                                                                                                                                  SHA-512:3CE754BFF7A3AE082C8F3AF956AB70F508D21254C77EC8005BA02561DA0BA132A96621E2DEC22562D4211044EAD0853FF583F1E76CA8EFAFF4684B6CEBC1C014
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):47840
                                                                                                                                                                                                  Entropy (8bit):7.995625621538136
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:xTreCxDnt3oiPe36rG4dNoAvUYzCpZdWKyxb2HThB8nEy+zIG3cEvtFch:VeuqiPbG47oAvF+pZdWZx63N1Fch
                                                                                                                                                                                                  MD5:4ACF1F61F613FA0539913AC3DA59825D
                                                                                                                                                                                                  SHA1:9DDFE0769A5D3A8B3BE587FDE36D7CF6AF5281AC
                                                                                                                                                                                                  SHA-256:388AD6F6579A920E3709BA1081EF92DC9B7DAB86AEF82955A6111D9328CAA289
                                                                                                                                                                                                  SHA-512:E60F3C201378101DBB543D5EC2FAEF6A39D06CAE447FA98D31638F06B423AEAF953F27E7638355EEC32C66B13C69A51C9CD9C1B60075D3B2128191D833F149F5
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48224
                                                                                                                                                                                                  Entropy (8bit):7.996408622809594
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:YgPomgYKM8lAVvoqOkg6s0316391nodXq2h1Ohro+urLYGzlGW3oTM:YXVAVAq46sy163II2h1OhronrLdzlP35
                                                                                                                                                                                                  MD5:5976967D6E02EDFA7283ABE2499FF861
                                                                                                                                                                                                  SHA1:0F88B636CB2D3120B103FD3AD36403B233152CA3
                                                                                                                                                                                                  SHA-256:B9B9FC82173138B02367D022796056C08B9AFFC1F863E4CE6324BAB50FEB831B
                                                                                                                                                                                                  SHA-512:512AD1D35492C97C1628F7A5F2E37000B74E5234D1421AE0E2B4CF2701C7FB47EAB414517103B2FC12ACFA656D156D11F7C9288D24C0616F3ED2F751DD264922
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49760
                                                                                                                                                                                                  Entropy (8bit):7.9964153063104035
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:X5n+heipyq7SeJkp2YGzFe7KRYJDcOLW7IQ0:5+xpyq7Se+p2XFpeJLz
                                                                                                                                                                                                  MD5:DC4BABB13A9ADDADCF7EC9272DDEE742
                                                                                                                                                                                                  SHA1:83BB3EE6809E79516EABB38946E5E017B47CD830
                                                                                                                                                                                                  SHA-256:9FA06B1113E8E92F0802C557996B040969F2E5F92D1A8A1950A889E2F35B253A
                                                                                                                                                                                                  SHA-512:29C9869BD6E609B37CDA206A9D2B5370B4DA0F2B987863B4D2B7EDA5002A45D09C8CEF1DD3BFFB0F6F2DED355D758253DB92B6CE346C8A8F56F189E3FE4802E8
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56800
                                                                                                                                                                                                  Entropy (8bit):7.9970102992115475
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:zywOP2/7BSAPayFnIniST+EwdqG3wEgJLxqzOT2xDCvajcwL:e/Ot5FKnikadx3I9AhxDCSwe
                                                                                                                                                                                                  MD5:9F9C51EBFB643D79E2843482F592DD89
                                                                                                                                                                                                  SHA1:108F9AC6A61B9395656FE3069C08360B527EDA7A
                                                                                                                                                                                                  SHA-256:A1871AE3F762E64A18E8A46BD2C175BBE15C40A63C2DDBB2E0CF32FEFFE9775E
                                                                                                                                                                                                  SHA-512:2BE920DACDC2947C4B2F8CC4F2B9CEE9D1BBF6D0C09DF8C2364722D765220ECC4CEC574F80FC95D7D0FB669E10C34FD616EA0432F46212282BEF7BEBD8D8126E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):50400
                                                                                                                                                                                                  Entropy (8bit):7.996046989865242
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:PEzrJZnyxQpTXXTmkJXJ/HA9myX7KjFK8YdXIQIWw1XA:ej1TN/APX7EFKHBImQXA
                                                                                                                                                                                                  MD5:CAFFCCA11A26F706C9E42A81EF6BDA8F
                                                                                                                                                                                                  SHA1:409F1C47D59CCC025A4341AC4BFABF410DF8CBB5
                                                                                                                                                                                                  SHA-256:82EB2B19911E2C6CBD467CBFE193A8E4B307E4C85124898767D5FCCB25F4FD87
                                                                                                                                                                                                  SHA-512:BD012641EE0CD06BF74C0E2922D7B33CB1782A94CBFBB9C066A6EB39AB3354AC200FFD189B349E6A57A82D79F9D17622F813B1722BB247D0FA8B3DF6463AED43
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49024
                                                                                                                                                                                                  Entropy (8bit):7.996060916447486
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:2mvkH0KEnIbYjfPMBT4qkj7EYPrtmVMWJCGp58PKUd9RevBSKJ1xOl:+H0DnIMjsBT7y7EymBAjP1dL6Bt1s
                                                                                                                                                                                                  MD5:C9543B7FF82DF905540969271E56A2B1
                                                                                                                                                                                                  SHA1:7452274FE9BBAA09E74FBF41D2357FECD6040A1F
                                                                                                                                                                                                  SHA-256:A7202A0CC59A7A09B8D8EB5A3C6CBB6FBAB785750B0C2291AC8F5CFD4A56C631
                                                                                                                                                                                                  SHA-512:51BC5A8207F1A27E7C8652723ED5D287FC9CA8A81B495E2AA83342D56361A029D0A02ED4893CAEE24487B290FF3CAD6CF4C7566C9DA5717A3D0C506D3059F4E4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):47840
                                                                                                                                                                                                  Entropy (8bit):7.996383987781172
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:K3zwfMYYUfSFDGQUhwktB26yA58bVqd3YXE2PUNCH0g1uZS+COkGheq4FuCzl5XH:K3MBSNmhtVZ8bVqdUE2PUNCHXAZ3bD4h
                                                                                                                                                                                                  MD5:EDC771A651BAEABBD4E5BA0E61166764
                                                                                                                                                                                                  SHA1:6EF66787341CB1050A4559D480BC843B78289A0A
                                                                                                                                                                                                  SHA-256:FCD15C7B0031BE60770428F2A0F40838FE84EF466F2DF17052C1BBA7A5BC3FBE
                                                                                                                                                                                                  SHA-512:1D14535907F33482B72C8131C8FFA2E1B45805991CF60EFB7A05A26D236893CB8F44D10444B551096E4582DDE61A6D5855F1B1C441098CD095C6607EEC2CC2B4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):47360
                                                                                                                                                                                                  Entropy (8bit):7.995550966019205
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:RxEQKc76f9lm3Gc7u0Re1/nrzGgN/mgoTOmhibA37t96E:PMc76VlmWc7uOU/r7/e5wA37D6E
                                                                                                                                                                                                  MD5:086C30E3A434837B293290032963A7FB
                                                                                                                                                                                                  SHA1:8A21DF3E6FF91DD383C3B373C7B645A4AE3DDA44
                                                                                                                                                                                                  SHA-256:999337F8B71378A31F1D818B4CA5A1CBF2CC01128D7ECC50CA8E234FC52B5AD2
                                                                                                                                                                                                  SHA-512:807D5DF44E1A8412FDBB3C55E06D1D09C84543E6D6942194F6793197D8BA00D9A0F16C2B4F28CB02233D9406DEC37E5610B55058B948E145058DEFAE06B55F7A
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48576
                                                                                                                                                                                                  Entropy (8bit):7.996319364768242
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:768:MXc828+Y7CefJ03GAdEIsH9GkJ68o6nMhnIcIa8+iGmHk8daCP1f8lzRGLpnMn+K:Ms828+oCefJ03TTb8TnMhnIa8+iRHk8S
                                                                                                                                                                                                  MD5:CD0D7648ED08183FE8D4D1E788B16557
                                                                                                                                                                                                  SHA1:930947B114E3EB06543190EB93437CD8F9DB0DE8
                                                                                                                                                                                                  SHA-256:3AF1D3C81E0959E1BF30554472E1E71554F11BB03736471E8158CA21FA0EF271
                                                                                                                                                                                                  SHA-512:9002D56B59F3F58A4EF4CC5BFBC04D05B043845687B60EAC113F32C181F3FB02135BA91264562F0E7C2E9E16EB23C3F5B14A8DEDD658E34F256E779C1BEF4141
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56288
                                                                                                                                                                                                  Entropy (8bit):7.996902131172993
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:uMIhdReDtAraGB5YMM5r9t74N3tIhHH5L9LD:u1hdReDXMM5rT75/L9/
                                                                                                                                                                                                  MD5:D740E315307ADCA0117DC4A12CD88A24
                                                                                                                                                                                                  SHA1:61BF9A0D773F2742BA0A01095F9E4611CA38EEF4
                                                                                                                                                                                                  SHA-256:040F6028A63DC21960DF65066BF14CB38B3A562637EF7716991AA38B97C3168D
                                                                                                                                                                                                  SHA-512:260E5E7180C427ADFFC6DF1DF1308805366CEF219BBE67097281C42AE24157E8758B3AA65EC80A83C65C1207C72F66A0930811E2314DDDF0860222DE22146308
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):63464
                                                                                                                                                                                                  Entropy (8bit):6.542288481337166
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:96yRcovNvvLkY6CyB1QU59VZtXxznwC2duTmAyVM5DXcE9oPxXWxX74PxWEmP10:9Lcov9TxJKHzTbSuaNC57iPxXW1MPxZ
                                                                                                                                                                                                  MD5:49C446627D85AB0A3C6E731FAB4723A0
                                                                                                                                                                                                  SHA1:554EB949392543B02F553858923B52CB7943F159
                                                                                                                                                                                                  SHA-256:F6540D6953ABE9853744B317341FEB138104A9D78662F08B7136D61A67E5DB4F
                                                                                                                                                                                                  SHA-512:0F2213606329EF81E44CBD2CF1B0A42B7E93C8C8B96597A0B16DF979005F1D1A3566A1CE2B53A220AB06C99B8295203E51B2753E76D699C04500A1A340C2664A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17032680
                                                                                                                                                                                                  Entropy (8bit):6.59177505889633
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:393216:E4DreTdP6z84yCDy5m9eDG2EIPZLOYy2G+Q:E4Didiz84yCDy5m9cBLdXQ
                                                                                                                                                                                                  MD5:F2F6BF33561C9EF8FE3310D46A3C8A25
                                                                                                                                                                                                  SHA1:09761F024FC32B61FA0667BA9DBE8322BC93F0A6
                                                                                                                                                                                                  SHA-256:34EC1126BC2AF019E1226BA114AD38CC6773F9640DC0EE0E5715F5423D47615E
                                                                                                                                                                                                  SHA-512:55407986BF5592A7A9DFFF5B72AF598F2E9660B44B9FF9A60D772BD8560F2D3875BB525E2CA79DF2F93C56FED52C9A39EFFBF9353486A346B7444EF8447ADFC7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: MALWARE_Win_EXEPWSH_DLAgent, Description: Detects SystemBC, Source: C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe, Author: ditekSHen
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):549352
                                                                                                                                                                                                  Entropy (8bit):6.448794633744019
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:p2KqjCl6BatX60NlFxbueeCk7bTkN4vvcrVrp6Ms2sriIHVohJgkelZW0:pJq2MkN60RFuLCkgCn0dp6MSD1orgZy0
                                                                                                                                                                                                  MD5:F9FA9D3B5957F0C365A20DE5C71EC214
                                                                                                                                                                                                  SHA1:8E6B91CBA2C323D2BCF29229E69DE5F44F5FC8FE
                                                                                                                                                                                                  SHA-256:CF6B1A1B75B0090A59E8A41A52F7E63C249559407A67F0744AAAB15B210B1FAC
                                                                                                                                                                                                  SHA-512:493B7015027043018A7A8FE9030867889F4AB93621FC3F3E45106490B95CCA8FB95D9447FB3C074C122B86B6C47B24C8ACA3ED134132EFD1DC263ED4120CCF8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):857064
                                                                                                                                                                                                  Entropy (8bit):6.597191080622984
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:1kCtesF95/4mjZexpz63VlZOWPBA8Jgi1z:B395/DcxBkM2Jx9
                                                                                                                                                                                                  MD5:8863C0F4CC264B818749049F8251D0E1
                                                                                                                                                                                                  SHA1:B95CF183E3955F5E91E9BBAEA436F095E33CDEA5
                                                                                                                                                                                                  SHA-256:538ABE97A7D5B1C301E8EE72E5E8B8CBA58AE74369C567F5F1E6480506C6EC34
                                                                                                                                                                                                  SHA-512:0E6DE997B81195F9517D19A878CB43E87E2915B8236AFB3B430C4A1AE6002FC51888FA96356F49D66BAB7B952DA15C13EE5EBDF32B38BA0E20C588343F3333DA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18037736
                                                                                                                                                                                                  Entropy (8bit):7.132271432325441
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:196608:ZssPoaV55EByQ6+Lzs2rqIaG7f1GMRlsdGDlOH88KegZkH:Z5AG55EUh+k2rn1GIsMEGnZkH
                                                                                                                                                                                                  MD5:096FA37EA53BB15959E9EEF9FD3F2745
                                                                                                                                                                                                  SHA1:733FA736561BD9FF34B5946D60D0FEB1AFBEF95E
                                                                                                                                                                                                  SHA-256:4F08CAC75CB5A4F5B204986C1F7AC12FD04008E4B10425862A59F0A79512E922
                                                                                                                                                                                                  SHA-512:6B62A2E4DFBD7F2E46F61E52F9AA9DA618C3072D8C17C7784FB9281231A95D8D3E3A1AC2DE7663287F2FB4BC31E87DEB847415629EE173CDC3ACE94CCBE33A63
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1440
                                                                                                                                                                                                  Entropy (8bit):7.873396989507999
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:pHhWsHQrKrsnxHBHkmPid6N9RJ6yFaoZPb5mflkbtNcrhcIqczH1ZEnyE1UfMqGo:dkKyxHBEmaY/J6yFTZP92yzLIxbgnXU7
                                                                                                                                                                                                  MD5:C022DCA528E122811414BA401861354B
                                                                                                                                                                                                  SHA1:185035A39224FFB8C456C95EB9FB2A8D2C173694
                                                                                                                                                                                                  SHA-256:49E16EFA204072C5068B83C826F5941C376FFE98222BABAB253DA3F8320CB9D7
                                                                                                                                                                                                  SHA-512:8BC83270EBFEAC31FDF732738C9CD3613E7940F01C28DD1DE967D4E3972FFDFAFA97944FD1BCE176DF4C09996CC334DD7092DA5E435F2F7300E42516D1FD19EC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59520
                                                                                                                                                                                                  Entropy (8bit):7.996845650623955
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:1536:iT2cwNpgV1w57Ls0wlFDbxeambZsimilRWFw/1/JIqwjF:iqcOpywVQ0w3dweilRn1/mJ
                                                                                                                                                                                                  MD5:F8294ADDA1A1FDF38BED854604B67A2B
                                                                                                                                                                                                  SHA1:2E1766B3B2A9F2B848F8FF57E68C7F154E95CFC6
                                                                                                                                                                                                  SHA-256:D4A9CEB2B406964D95777D9C2DC46363701D9CC96365C77D4A661FF256969109
                                                                                                                                                                                                  SHA-512:B50C1BB9401C69BB1ED4D0CF3C1731C102618A5D83EAC82AA22F2CC02ADB0B34365CED25BAE695BB05D183C4935A70D6F1335603824BE6FDF5390B6DD0B6FC52
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1644), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):107716
                                                                                                                                                                                                  Entropy (8bit):5.2003181449234575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:FjNLzj07ABLuLmxJJcHj9KlyvLBPjvlXjAjRU0eFljo73FT6TlN5Z7jw769MVDZk:7ZxJJchby6FdT5hgK
                                                                                                                                                                                                  MD5:66507057FFDF4CAF36C3061C80D2D08F
                                                                                                                                                                                                  SHA1:281F661AEA3D9042A1147BC29769537BFADD6219
                                                                                                                                                                                                  SHA-256:A80E70A5E036EAC0C75354D4EE0E4147D606DEBBDDB704435C96CF2DE2C8C777
                                                                                                                                                                                                  SHA-512:B00FABA46CFAE27CFE9B92A5211EFACB315EC98C752EE9E022F1F2D5CDEC12477D228C0CE45ADFBD973C3AAAF50292F53C7A06C8516D96317D674E73B85B5737
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:SpyHunter 5 and SpyHunter for Mac - Additional Terms & Conditions....===================================....COPYRIGHT NOTICE..... 2017-2022 EnigmaSoft Ltd. All rights reserved.....Third party code may be aggregated or distributed with EnigmaSoft's proprietary and copyrighted software. The copyright notices and license terms for such third party code are detailed below.....===================================....SOURCE CODE DISTRIBUTION....Certain third party licenses may require distribution of the corresponding source code. ....You may obtain the complete corresponding source code from us for a period of three years after our last provisioning of this product by sending a money order or check for .5 to:....EnigmaSoft Ltd...Attn: GPL Compliance Offer..1 Castle Street..Dublin D02 XD82..IRELAND....Please write "GPL Compliance Source" in the memo line of your payment. This offer is valid to anyone in receipt of this information.....===================================....LIST OF COMPONE
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):128
                                                                                                                                                                                                  Entropy (8bit):6.613204882778696
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1caYq43OVKCoPADbaVotoQISUbuFLS1PN5to3qIm:1cmXQcaVMoQIKxG1L
                                                                                                                                                                                                  MD5:C13C63D7C052C923DCAE07E181EE5F3F
                                                                                                                                                                                                  SHA1:6C7B36F191BF16F1531C4351705117B28DA1C1A9
                                                                                                                                                                                                  SHA-256:A09417F649A518F5171C055BCDAFF7928AD855E9D4921D1373D51499B27262FA
                                                                                                                                                                                                  SHA-512:36766A6C39054E4E32CF63EE9C28512CC3BB927998DA4037DCEFB6C3B988C55046A2B230C85F3AD992D2F27577938DF80F9318FF21B5779AADFFEA56D81253BF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6881256
                                                                                                                                                                                                  Entropy (8bit):7.120994762388773
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:Hh/MyJC5zMggmeTN1YBi9MCL8e7Wf7teFSiFMMrFDnl9KMBlcbhHEjZD:HXGAggm48/y8e7Wf7tYFM99HEp
                                                                                                                                                                                                  MD5:2816BACD01B0D8C48F1D8714C6AA6F0F
                                                                                                                                                                                                  SHA1:474AE88D9CF093DCB9789CB7B79513E0DBD38388
                                                                                                                                                                                                  SHA-256:637720BA1437FD6DEA873E56A6A1D7BB3C663E490ABC4E406E3817DD2EB82C4F
                                                                                                                                                                                                  SHA-512:8BC78E625A8BE14DC54185E1CDD63F4CF85B5FDCD32EA532FC00E2F805EF9D241D2B3E89E582779B167113CA7B4DABEE60B56F3EACDF4BDC4B5F56C15C823AC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):699
                                                                                                                                                                                                  Entropy (8bit):3.0819274522482916
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:8Ul0g0i/kdjHLolgpROXG62MmolgdqP62ib7olgr3wS:8UlFIvOgXJ7RZ
                                                                                                                                                                                                  MD5:C08C660064F10A88A1276AB26D020D20
                                                                                                                                                                                                  SHA1:75C99ED08455B1A570CDCD95BE856C3249904A11
                                                                                                                                                                                                  SHA-256:31FCA4C6FADB51AADAB22AE9C3E81D7BD85346F42B5DA1825E1C72CD9B3829C9
                                                                                                                                                                                                  SHA-512:F6C07FEBBEFFAAA26966FD882092E35E8B4457E70363E2641442B4B2412E881B0AAB3F75E2D0AC192722F422EC8EB3FF865834898ADBAC2314EF223C75EC90DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:L..................F........................................................}....P.O. .:i.....+00.../C:\...................b.1...........ProgramData.H............................................P.r.o.g.r.a.m.D.a.t.a.....x.1...........EnigmaSoft Limited..V............................................E.n.i.g.m.a.S.o.f.t. .L.i.m.i.t.e.d...".t.2...........sh5_installer.exe.T............................................s.h.5._.i.n.s.t.a.l.l.e.r...e.x.e... .....R.e.m.o.v.e. .S.p.y.H.u.n.t.e.r.3.....\.....\.....\.....\.....\.E.n.i.g.m.a.S.o.f.t. .L.i.m.i.t.e.d.\.s.h.5._.i.n.s.t.a.l.l.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.E.n.i.g.m.a.S.o.f.t. .L.i.m.i.t.e.d...-.r. .s.h.5. .-.l.n.g. .E.N.....
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):369512
                                                                                                                                                                                                  Entropy (8bit):6.2987418401396384
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:cVRijf0pLl3/W5FBNoRIa9G+iLBZ0OSxqxu1GUhH++Lf1M131s4E:PTkLl3/W5FBNoOac+pxqM1Lhe+pjX
                                                                                                                                                                                                  MD5:EDCE372DE488AA221DA7DB7544C09B3E
                                                                                                                                                                                                  SHA1:E684BE09C22E93B12AF9F78508E5422B83CBE0FC
                                                                                                                                                                                                  SHA-256:DBC0B0AFEAE1E33F3F8FA2384BBBFD2F787ACA1C75BF2E5372812B3DA33A7EFE
                                                                                                                                                                                                  SHA-512:89A21C8C4D4963B02E36CD887B071B866CEBAFC1F8E04AAB6CF043746AADB37799644E41FA3B1DDB1E297593B0035693E151B9B5ECF95041E0796BF47174E6B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):369512
                                                                                                                                                                                                  Entropy (8bit):6.2987418401396384
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:cVRijf0pLl3/W5FBNoRIa9G+iLBZ0OSxqxu1GUhH++Lf1M131s4E:PTkLl3/W5FBNoOac+pxqM1Lhe+pjX
                                                                                                                                                                                                  MD5:EDCE372DE488AA221DA7DB7544C09B3E
                                                                                                                                                                                                  SHA1:E684BE09C22E93B12AF9F78508E5422B83CBE0FC
                                                                                                                                                                                                  SHA-256:DBC0B0AFEAE1E33F3F8FA2384BBBFD2F787ACA1C75BF2E5372812B3DA33A7EFE
                                                                                                                                                                                                  SHA-512:89A21C8C4D4963B02E36CD887B071B866CEBAFC1F8E04AAB6CF043746AADB37799644E41FA3B1DDB1E297593B0035693E151B9B5ECF95041E0796BF47174E6B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):64482
                                                                                                                                                                                                  Entropy (8bit):3.6977172223896666
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:N4V4eQwLv9jFCT1SkDIt1k5ponTjmz2PpZAkeVk87TEOTy+xosG7n3LDP:CJ
                                                                                                                                                                                                  MD5:871AF5558358AF9D68F605E35E486424
                                                                                                                                                                                                  SHA1:FC9643C563CF33B90ECC95C8850EB62986EE866D
                                                                                                                                                                                                  SHA-256:023BF5BFF8326ED17FB03C4F396F50771D53FD5D0C424A9000CD2E9CCFD03555
                                                                                                                                                                                                  SHA-512:9BBB73251D9CC96F92FB392876DD0C24DB004EE0138489667EE48B97BFEBA968C4804AE7C01F133EE1BDD0DE3992A5384DE8329E3122C2446798FF0EA0B8BF56
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:[.1.].[.2.3.:.2.8.:.5.6...3.6.9.].[.0.0.5.8.6.4.]. .(.2.9.3.). .I.n.s.t.a.l.l.e.r. .3...0...8.1.9...5.0.5.0. .(.0.7.0.8.4.9.6. .:. .4.d.d.d.8.7.2.4.). .i.n.i.t.........[.1.].[.2.3.:.2.8.:.5.6...4.1.6.].[.0.0.5.8.6.4.]. .(.2.9.6.). .H.W.I.D.[.f.7.4.b.e.b.c.d.e.5.4.9.2.8.6.5.1.4.5.4.4.9.b.1.0.4.4.2.5.0.2.5.]. .H.a.s.h.:.[.2.8.1.6.b.a.c.d.0.1.b.0.d.8.c.4.8.f.1.d.8.7.1.4.c.6.a.a.6.f.0.f.].....[.1.].[.2.3.:.2.8.:.5.6...4.1.6.].[.0.0.5.8.6.4.]. .(.2.9.9.). .O.S. .v.e.r.s.i.o.n.:. .W.i.n.d.o.w.s. .1.0. .P.r.o.,. .1.0...0...0...0...1.7.1.3.4.,. .6.4.b.i.t. .=. .1.....[.1.].[.2.3.:.2.8.:.5.6...4.1.6.].[.0.0.5.8.6.4.]. .(.3.0.4.). .A.r.g.s.:. .8.3.8.8.8.9.3.....[.1.].[.2.3.:.2.8.:.5.8...5.0.9.].[.0.0.5.9.1.6.]. .(.3.2.3.). .[.s.h.5.]. .5...1.3...1.5...8.1. .(.W.e.b.).....[.0.].[.2.3.:.2.8.:.5.8...8.6.9.].[.0.0.5.9.1.6.]. .(.5.2.). .F.i.l.e. .R.C. .r.e.g.i.s.t.e.r.e.d.[.1.].[.5.0.8.4.8.].[.9.7.6.c.b.0.0.8.b.4.9.0.2.c.a.8.f.7.b.0.f.a.f.d.6.7.c.c.8.d.7.f.].:. ./.s.h.5./.a.l.b.a.n.i.a.n...l.n.g.....
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:gzip compressed data, was "newinitrd", last modified: Fri Feb 9 17:19:34 2018, from Unix, original size modulo 2^32 4180998130
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1048576
                                                                                                                                                                                                  Entropy (8bit):7.9952417172698125
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:12288:M6bKggdUNSAChsS7CalpLtMGclsPz0Nvn8WCOrkct9ces20Y8/EiaDrsnLr3PN1U:bKgoU0N2lw0KWhkcDce2uYfmjr
                                                                                                                                                                                                  MD5:356054D8D017B1CD5C7130D30ACB1FAA
                                                                                                                                                                                                  SHA1:536BF38B34297D48D24A0DD58A9C20E3DCD9CB69
                                                                                                                                                                                                  SHA-256:2F9A0353058B4F0A11B531819A48D85CEF0D8B343F33910D77EE33549F3DE857
                                                                                                                                                                                                  SHA-512:FC99CDCFE0B115A3ED388C116E7C6360FCEBA372EAEDA63DA91FD8451645BF8B41828D6C902E131D13C6DA98DF2A5E6A990B7C3C5E310AE7F520E74CCB7CB489
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:DOS executable (COM)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):270476
                                                                                                                                                                                                  Entropy (8bit):6.649640171668803
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:AHvZF0wXVHGMvtxkRhmB2xB4+AINF4/KaigfHvU:AHv4MiiB2xB4+A1Ki/s
                                                                                                                                                                                                  MD5:D4FBD43D0BA1237AC37545E278D0414B
                                                                                                                                                                                                  SHA1:55E05CE5F96B9891547E6248BC6972847271707A
                                                                                                                                                                                                  SHA-256:1D458FE14A87DA3249766163996359A2BCEF33ECEE15501A52A81F8B03FE04BA
                                                                                                                                                                                                  SHA-512:ED084E82A7AB6280C724AA40A45E603AC66F11A2662093F299CDBD07FB7C20FE90573F9E4E69607F48896DF83A59234A3DF2634A3AF171CEBFA862B8C2B53ED6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:DOS/MBR boot sector
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9216
                                                                                                                                                                                                  Entropy (8bit):6.64401103615787
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:19tH9JfvwQkeDDL1IjmK2YbfknoZusHC1jIKYBSZV:TTJf4QxDiCK2QknyHHC1jIKYBSn
                                                                                                                                                                                                  MD5:2B0B4E8E51E7B754A9E3F086BBC1D98C
                                                                                                                                                                                                  SHA1:CC133E92C2206552D7C0BD6DC77811FEB45431B1
                                                                                                                                                                                                  SHA-256:8F6293B3DD067EFE6AD19CD5CB9201871FA3AE865F55D23DC5A1BF428BC4C5E0
                                                                                                                                                                                                  SHA-512:26771424BADF099614554113E1525DB3B5522B95540E34A1EED15FA5E0955CD5B6655F1A5B00F233F37CA91C7BB3658C6FEADFD67744A663909ED2322D426084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Linux kernel x86 boot executable bzImage, version 3.18.5ESGi (enigma@enigma-mindo-xdev) #3 SMP Wed Feb 4 13:13:25 EET 2015, RO-rootFS, swap_dev 0X2, Normal VGA
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1048576
                                                                                                                                                                                                  Entropy (8bit):7.998369627630954
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:24576:iANSKABQg2hQTjn83uRq5E8p5g5GSfWatSU/alzP/eg:FAehQTz8U2Jp7Sfb/awg
                                                                                                                                                                                                  MD5:EE6BEB0699A62B528A6927A13672E1A2
                                                                                                                                                                                                  SHA1:5E47E0D14246ED311BB8CE774426898A53E8DFE8
                                                                                                                                                                                                  SHA-256:87AA518948A8BE0BCAAB8E9694E29EDE2AD87D4742A5B702F35014D91EB31A7D
                                                                                                                                                                                                  SHA-512:5617275FE4920F387A48BF4C8DB1A40CBE291E9B8F76558D6996B9865E8205D44A517A5BB009BF6E873EF0453AE8F4260476CC1506720D973A817E01CB6495AC
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Entropy (8bit):7.120994762388773
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                                                                                                                  • Windows ActiveX control (116523/4) 1.15%
                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                  File name:file.exe
                                                                                                                                                                                                  File size:6881256
                                                                                                                                                                                                  MD5:2816bacd01b0d8c48f1d8714c6aa6f0f
                                                                                                                                                                                                  SHA1:474ae88d9cf093dcb9789cb7b79513e0dbd38388
                                                                                                                                                                                                  SHA256:637720ba1437fd6dea873e56a6a1d7bb3c663e490abc4e406e3817dd2eb82c4f
                                                                                                                                                                                                  SHA512:8bc78e625a8be14dc54185e1cdd63f4cf85b5fdcd32ea532fc00e2f805ef9d241d2b3e89e582779b167113ca7b4dabee60b56f3eacdf4bdc4b5f56c15c823ac2
                                                                                                                                                                                                  SSDEEP:98304:Hh/MyJC5zMggmeTN1YBi9MCL8e7Wf7teFSiFMMrFDnl9KMBlcbhHEjZD:HXGAggm48/y8e7Wf7tYFM99HEp
                                                                                                                                                                                                  TLSH:D666DF12B641C171E5A302B2997EAFBF987CED200B2458C7E3D45E7D4E702E26637B52
                                                                                                                                                                                                  Icon Hash:f8b6b45971a6ee70
                                                                                                                                                                                                  Entrypoint:0x68a7d4
                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                  Time Stamp:0x63510DF3 [Thu Oct 20 08:59:31 2022 UTC]
                                                                                                                                                                                                  TLS Callbacks:0x689cd0
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                                  Import Hash:fa3740f07f6d2725edcaa42e6d766d63
                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                  Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                  Error Number:0
Not Before: 6/19/2020 2:00:00 AM
Not After: 6/13/2023 2:00:00 PM
                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                  • CN=EnigmaSoft Limited, O=EnigmaSoft Limited, L=Dublin, C=IE, SERIALNUMBER=597114, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IE
                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                  Thumbprint MD5:C1CA2DE9B1FC80CB6991C5E96BFDBB56
                                                                                                                                                                                                  Thumbprint SHA-1:9B7616BF6F93FFDEB04A6998A944512C1C753015
                                                                                                                                                                                                  Thumbprint SHA-256:5F5216C99F6851AC1FF36BECDE318E5ECF54222D051E2D4EB142165657C7630F
                                                                                                                                                                                                  Serial:0D52114AABA1B5E4B4B1ACE58C319E4E
                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  call 00007F09C09B57F5h
                                                                                                                                                                                                  jmp 00007F09C09B4943h
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  push ecx
                                                                                                                                                                                                  lea ecx, dword ptr [esp+04h]
                                                                                                                                                                                                  sub ecx, eax
                                                                                                                                                                                                  sbb eax, eax
                                                                                                                                                                                                  not eax
                                                                                                                                                                                                  and ecx, eax
                                                                                                                                                                                                  mov eax, esp
                                                                                                                                                                                                  and eax, FFFFF000h
                                                                                                                                                                                                  cmp ecx, eax
                                                                                                                                                                                                  jc 00007F09C09B4ABEh
                                                                                                                                                                                                  mov eax, ecx
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  xchg eax, esp
                                                                                                                                                                                                  mov eax, dword ptr [eax]
                                                                                                                                                                                                  mov dword ptr [esp], eax
                                                                                                                                                                                                  ret
                                                                                                                                                                                                  sub eax, 00001000h
                                                                                                                                                                                                  test dword ptr [eax], eax
                                                                                                                                                                                                  jmp 00007F09C09B4A99h
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  push ecx
                                                                                                                                                                                                  lea ecx, dword ptr [esp+08h]
                                                                                                                                                                                                  sub ecx, eax
                                                                                                                                                                                                  and ecx, 0Fh
                                                                                                                                                                                                  add eax, ecx
                                                                                                                                                                                                  sbb ecx, ecx
                                                                                                                                                                                                  or eax, ecx
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  jmp 00007F09C09B4A6Fh
                                                                                                                                                                                                  push ecx
                                                                                                                                                                                                  lea ecx, dword ptr [esp+08h]
                                                                                                                                                                                                  sub ecx, eax
                                                                                                                                                                                                  and ecx, 07h
                                                                                                                                                                                                  add eax, ecx
                                                                                                                                                                                                  sbb ecx, ecx
                                                                                                                                                                                                  or eax, ecx
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  jmp 00007F09C09B4A59h
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  int3
                                                                                                                                                                                                  push esi
                                                                                                                                                                                                  mov eax, dword ptr [esp+14h]
                                                                                                                                                                                                  or eax, eax
                                                                                                                                                                                                  jne 00007F09C09B4ADAh
                                                                                                                                                                                                  mov ecx, dword ptr [esp+10h]
                                                                                                                                                                                                  mov eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                                  div ecx
                                                                                                                                                                                                  mov ebx, eax
                                                                                                                                                                                                  mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                  div ecx
                                                                                                                                                                                                  mov esi, eax
                                                                                                                                                                                                  mov eax, ebx
                                                                                                                                                                                                  mul dword ptr [esp+10h]
                                                                                                                                                                                                  mov ecx, eax
                                                                                                                                                                                                  mov eax, esi
                                                                                                                                                                                                  mul dword ptr [esp+10h]
                                                                                                                                                                                                  add edx, ecx
                                                                                                                                                                                                  jmp 00007F09C09B4AF9h
                                                                                                                                                                                                  mov ecx, eax
                                                                                                                                                                                                  mov ebx, dword ptr [esp+10h]
                                                                                                                                                                                                  mov edx, dword ptr [esp+0Ch]
                                                                                                                                                                                                  mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                  shr ecx, 1
                                                                                                                                                                                                  rcr ebx, 1
                                                                                                                                                                                                  shr edx, 1
                                                                                                                                                                                                  rcr eax, 1
                                                                                                                                                                                                  or ecx, ecx
                                                                                                                                                                                                  jne 00007F09C09B4AA6h
                                                                                                                                                                                                  div ebx
                                                                                                                                                                                                  mov esi, eax
                                                                                                                                                                                                  mul dword ptr [esp+14h]
                                                                                                                                                                                                  mov ecx, eax
                                                                                                                                                                                                  mov eax, dword ptr [esp+10h]
                                                                                                                                                                                                  mul esi
                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51fda0 | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x552000 | 0x115c30 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x68b400 | 0x4be8 | .reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x668000 | 0x344b0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4e6c00 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4e6ccc | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4e6c70 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x438000 | 0x948 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4363cc | 0x436400 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x438000 | 0xeb144 | 0xeb200 | False | 0.41603846856725146 | data | 5.84204624071673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x524000 | 0x2bee1 | 0x1ea00 | False | 0.12552614795918368 | Matlab v4 mat-file (little endian) \334, rows 8, columns 8, imaginary | 4.35694874016997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids | 0x550000 | 0x9b8 | 0xa00 | False | 0.3890625 | data | 4.1212839696841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0x551000 | 0x9 | 0x200 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x552000 | 0x115c30 | 0x115e00 | False | 0.9782669815564552 | data | 7.982123610094004 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x668000 | 0x344b0 | 0x34600 | False | 0.6026486053102625 | data | 6.676291391323307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x553ff0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0x554658 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x554940 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x554a68 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x555910 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x5561b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x556720 | 0x9a5e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x560180 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x562728 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x5637d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x563c38 | 0x34 | data | English | United States
RT_DIALOG | 0x563c6c | 0x34 | data | English | United States
RT_DIALOG | 0x563ca0 | 0x34 | data | English | United States
RT_DIALOG | 0x563cd4 | 0x34 | data | English | United States
RT_RCDATA | 0x563d08 | 0x60 | data | English | United States
RT_RCDATA | 0x563d68 | 0x480 | data | English | United States
RT_RCDATA | 0x5641e8 | 0x60 | data | English | United States
RT_RCDATA | 0x564248 | 0x3b60 | data | English | United States
RT_RCDATA | 0x567da8 | 0x37c0 | data | English | United States
RT_RCDATA | 0x56b568 | 0x38e0 | data | English | United States
RT_RCDATA | 0x56ee48 | 0x3b80 | data | English | United States
RT_RCDATA | 0x5729c8 | 0x39c0 | data | English | United States
RT_RCDATA | 0x576388 | 0x3d40 | data | English | United States
RT_RCDATA | 0x57a0c8 | 0x4180 | data | English | United States
RT_RCDATA | 0x57e248 | 0x6960 | data | English | United States
RT_RCDATA | 0x584ba8 | 0x3dc0 | data | English | United States
RT_RCDATA | 0x588968 | 0x41c0 | data | English | United States
RT_RCDATA | 0x58cb28 | 0x3c00 | data | English | United States
RT_RCDATA | 0x590728 | 0x5fe | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States
RT_RCDATA | 0x590d28 | 0xa0 | data | English | United States
RT_RCDATA | 0x590dc8 | 0x7c0 | data | English | United States
RT_RCDATA | 0x591588 | 0x340 | data | English | United States
RT_RCDATA | 0x5918c8 | 0x18fa0 | data | English | United States
RT_RCDATA | 0x5aa868 | 0x7a0 | data | English | United States
RT_RCDATA | 0x5ab008 | 0x2e0 | data | English | United States
RT_RCDATA | 0x5ab2e8 | 0x260 | data | English | United States
RT_RCDATA | 0x5ab548 | 0x280 | data | English | United States
RT_RCDATA | 0x5ab7c8 | 0x360 | data | English | United States
RT_RCDATA | 0x5abb28 | 0x240 | data | English | United States
RT_RCDATA | 0x5abd68 | 0x280 | data | English | United States
RT_RCDATA | 0x5abfe8 | 0x260 | data | English | United States
RT_RCDATA | 0x5ac248 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5ac4e8 | 0xf3e0 | data | English | United States
RT_RCDATA | 0x5bb8c8 | 0xa40 | data | English | United States
RT_RCDATA | 0x5bc308 | 0x280 | data | English | United States
RT_RCDATA | 0x5bc588 | 0x2c0 | data | English | United States
RT_RCDATA | 0x5bc848 | 0x280 | data | English | United States
RT_RCDATA | 0x5bcac8 | 0x280 | data | English | United States
RT_RCDATA | 0x5bcd48 | 0x360 | data | English | United States
RT_RCDATA | 0x5bd0a8 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5bd348 | 0x2c0 | data | English | United States
RT_RCDATA | 0x5bd608 | 0x260 | data | English | United States
RT_RCDATA | 0x5bd868 | 0x280 | data | English | United States
RT_RCDATA | 0x5bdae8 | 0x520 | data | English | United States
RT_RCDATA | 0x5be008 | 0x2c0 | data | English | United States
RT_RCDATA | 0x5be2c8 | 0x280 | data | English | United States
RT_RCDATA | 0x5be548 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5be7e8 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5bea88 | 0x360 | data | English | United States
RT_RCDATA | 0x5bede8 | 0x140 | data | English | United States
RT_RCDATA | 0x5bef28 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5bf1c8 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5bf468 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5bf708 | 0x260 | data | English | United States
RT_RCDATA | 0x5bf968 | 0xd460 | data | English | United States
RT_RCDATA | 0x5ccdc8 | 0x2a0 | data | English | United States
RT_RCDATA | 0x5cd068 | 0x340 | data | English | United States
RT_RCDATA | 0x5cd3a8 | 0x2c0 | data | English | United States
RT_RCDATA | 0x5cd668 | 0x2c0 | data | English | United States
RT_RCDATA | 0x5cd928 | 0x22180 | data | English | United States
RT_RCDATA | 0x5efaa8 | 0x221a0 | data | English | United States
RT_RCDATA | 0x611c48 | 0x27000 | data | English | United States
RT_RCDATA | 0x638c48 | 0xc20 | data | English | United States
RT_RCDATA | 0x639868 | 0xd20 | data | English | United States
RT_RCDATA | 0x63a588 | 0xd80 | data | English | United States
RT_RCDATA | 0x63b308 | 0xc80 | data | English | United States
RT_RCDATA | 0x63bf88 | 0xca0 | data | English | United States
RT_RCDATA | 0x63cc28 | 0xcc0 | data | English | United States
RT_RCDATA | 0x63d8e8 | 0xd00 | data | English | United States
RT_RCDATA | 0x63e5e8 | 0xd60 | data | English | United States
RT_RCDATA | 0x63f348 | 0xca0 | data | English | United States
RT_RCDATA | 0x63ffe8 | 0xc60 | data | English | United States
RT_RCDATA | 0x640c48 | 0xcc0 | data | English | United States
RT_RCDATA | 0x641908 | 0xf40 | data | English | United States
RT_RCDATA | 0x642848 | 0xd60 | data | English | United States
RT_RCDATA | 0x6435a8 | 0xca0 | data | English | United States
                                                                                                                                                                                                  RT_RCDATA0x6442480xe40dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6450880xca0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x645d280xca0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6469c80xca0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6476680xd20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6483880xfe0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6493680xc20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x649f880xd20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64aca80xd20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64b9c80xc40dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64c6080xd40dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64d3480xd40dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64e0880xee0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64ef680xd20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x64fc880xd40dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6509c80xe60dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6518280xd00dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6525280xbc0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6530e80x840dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6539280x80dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6539a80x760dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6541080x820dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6549280x940OpenPGP Public KeyEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6552680xac0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x655d280x1060dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x656d880xac0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6578480x920dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6581680xaa0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x658c080x7a0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6593a80x820dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x659bc80x8a0OpenPGP Public KeyEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x65a4680x8c0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x65ad280x16c0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x65c3e80x7c00dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x663fe80xa0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6640880xa0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6641280xa0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6641c80x2c0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6644880x460dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6648e80x2e0dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x664bc80xc20dataEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6657e80x19ePNG image data, 15 x 60, 8-bit gray+alpha, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6659880x28cPNG image data, 30 x 120, 8-bit gray+alpha, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x665c140x31dPNG image data, 30 x 180, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x665f340x31dPNG image data, 30 x 180, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6662540x5cfPNG image data, 30 x 180, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x6668240x5cfPNG image data, 30 x 180, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x666df40xe9PNG image data, 15 x 60, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                                  RT_RCDATA0x666ee00x152PNG image data, 30 x 120, 8-bit/color RGBA, non-interlacedEnglishUnited States
RT_GROUP_ICON | 0x667034 | 0x92 | data | English | United States
RT_VERSION | 0x6670c8 | 0x348 | data | English | United States
RT_MANIFEST | 0x667410 | 0x820 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2020), with CRLF line terminators | English | United States
DLL | Import
gdiplus.dll | GdipCreatePath, GdipCreateRegion, GdipSetClipRegion, GdipSetInfinite, GdipGetClip, GdipDeleteRegion, GdipDeleteGraphics, GdipGetImageHeight, GdipCreateFromHDC, GdiplusShutdown, GdiplusStartup, GdipImageRotateFlip, GdipGetImagePixelFormat, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromResource, GdipCreateBitmapFromStream, GdipClosePathFigure, GdipAddPathArcI, GdipResetPath, GdipDeletePen, GdipDrawPath, GdipSetPenDashStyle, GdipCreatePen1, GdipSetPixelOffsetMode, GdipSetInterpolationMode, GdipSetCompositingQuality, GdipSetCompositingMode, GdipFillRectangleI, GdipDeleteBrush, GdipCreateTextureIAI, GdipSetImageAttributesColorKeys, GdipSetImageAttributesWrapMode, GdipDrawImagePointRectI, GdipGetImageGraphicsContext, GdipCreateBitmapFromScan0, GdipDrawImageRectRectI, GdipDisposeImage, GdipCloneImage, GdipAlloc, GdipFree, GdipCreateBitmapFromHBITMAP, GdipSetImageAttributesColorMatrix, GdipDisposeImageAttributes, GdipCreateImageAttributes, GdipDeletePath, GdipCombineRegionPath, GdipSetSmoothingMode, GdipGetImageWidth
USP10.dll | ScriptStringAnalyse, ScriptStringOut, ScriptStringGetLogicalWidths, ScriptStringGetOrder, ScriptStringXtoCP, ScriptString_pSize, ScriptString_pcOutChars, ScriptStringFree, ScriptString_pLogAttr, ScriptStringCPtoX
CRYPT32.dll | CryptDecodeObject, CryptMsgClose, CryptQueryObject, CryptMsgGetParam, CertGetNameStringW, CryptHashCertificate, CertGetCertificateContextProperty, CertCloseStore, CertEnumCertificatesInStore, CertOpenSystemStoreW, CertFreeCertificateContext, CertGetEnhancedKeyUsage, CertGetIntendedKeyUsage, CertDuplicateCertificateContext, CertFindCertificateInStore, CertOpenStore
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WS2_32.dll | WSAIoctl, closesocket, WSASetLastError, getpeername, getsockname, socket, ntohs, connect, getsockopt, htons, setsockopt, send, recvfrom, listen, accept, bind, shutdown, getaddrinfo, htonl, gethostname, recv, WSAGetLastError, WSACloseEvent, WSACreateEvent, WSAEventSelect, WSAResetEvent, WSAWaitForMultipleEvents, WSAEnumNetworkEvents, WSACleanup, WSAStartup, select, __WSAFDIsSet, ioctlsocket, freeaddrinfo, getnameinfo, sendto
PSAPI.DLL | GetProcessMemoryInfo, GetModuleFileNameExW, EnumProcessModules, GetProcessImageFileNameW
KERNEL32.dll | CreateEventA, GetLastError, MoveFileExW, InitializeCriticalSectionAndSpinCount, RaiseException, DecodePointer, DeleteCriticalSection, DeleteFileW, Sleep, GetCurrentProcess, SetLastError, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetTickCount, CreateFileW, HeapFree, QueryPerformanceFrequency, GetProcessHeap, lstrcmpiW, QueryPerformanceCounter, FindResourceW, GetUserDefaultLCID, GetDiskFreeSpaceExW, LoadLibraryW, HeapAlloc, GetProcAddress, CreateMutexW, WaitForSingleObject, ReleaseMutex, GetCurrentProcessId, GetLocalTime, ReadFile, GetFileSizeEx, WriteFile, RemoveDirectoryW, GetFileAttributesW, SetFileAttributesW, GetExitCodeProcess, EnumResourceNamesW, SizeofResource, InterlockedDecrement, GetModuleFileNameW, MultiByteToWideChar, LoadResource, GetModuleHandleW, InterlockedIncrement, SetDllDirectoryW, LoadLibraryExW, FreeLibrary, FileTimeToSystemTime, SystemTimeToFileTime, TerminateProcess, OpenProcess, OpenMutexW, GetSystemDirectoryW, SleepEx, InitializeCriticalSection, WideCharToMultiByte, VerSetConditionMask, VerifyVersionInfoW, FormatMessageW, GetEnvironmentVariableA, GetStdHandle, WaitForMultipleObjects, PeekNamedPipe, GetFileType, CompareFileTime, GetSystemTimeAsFileTime, GetEnvironmentVariableW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleExW, SwitchToFiber, DeleteFiber, CreateFiber, LoadLibraryA, ConvertFiberToThread, ConvertThreadToFiber, FindClose, FindFirstFileW, FindNextFileW, GetSystemTime, WaitForSingleObjectEx, MulDiv, ExpandEnvironmentStringsW, GetLongPathNameW, CreateDirectoryW, CopyFileW, DeviceIoControl, LocalFree, GetSystemInfo, GetNativeSystemInfo, LocalAlloc, ProcessIdToSessionId, GetVolumeInformationW, lstrcpyW, lstrcatW, CreateProcessW, CreatePipe, SetHandleInformation, HeapReAlloc, GetComputerNameW, GetCurrentThread, GetLogicalDriveStringsW, GetDriveTypeW, GetModuleHandleA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GlobalSize, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FindFirstVolumeW, GetVolumePathNamesForVolumeNameW, QueryDosDeviceW, FindNextVolumeW, FindVolumeClose, lstrlenW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetFilePointer, MoveFileW, SetFilePointerEx, GetTimeFormatW, GetDateFormatW, LockResource, GetLogicalDrives, DeleteVolumeMountPointW, DefineDosDeviceW, GetVolumeNameForVolumeMountPointW, SetVolumeMountPointW, GlobalMemoryStatusEx, GetLocaleInfoW, CreateEventW, CreateNamedPipeW, GetLocaleInfoA, CreateTimerQueue, DeleteTimerQueueEx, CreateTimerQueueTimer, lstrcmpA, FileTimeToLocalFileTime, lstrcpynW, RemoveVectoredExceptionHandler, SetUnhandledExceptionFilter, AddVectoredExceptionHandler, IsBadReadPtr, VirtualQuery, FreeResource, GetFileSize, CreateSemaphoreA, DuplicateHandle, ReleaseSemaphore, CloseHandle, SetEvent, GetStringTypeW, EncodePointer, CompareStringW, LCMapStringW, GetCPInfo, ResetEvent, WaitForMultipleObjectsEx, OpenEventA, SetWaitableTimer, ResumeThread, CreateWaitableTimerA, FormatMessageA, UnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, OutputDebugStringW, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, VirtualAlloc, VirtualFree, LoadLibraryExA, GetStringTypeExW, LCMapStringA, GetStringTypeExA, RtlUnwind, GetModuleFileNameA, WriteConsoleW, GetACP, GetFileAttributesExW, SystemTimeToTzSpecificLocalTime, CreateThread, ExitThread, FreeLibraryAndExitThread, SetConsoleCtrlHandler, ExitProcess, GetCommandLineA, GetCommandLineW, GetConsoleCP, HeapSize, IsValidCodePage, GetOEMCP, IsValidLocale, EnumSystemLocalesW, GetCurrentDirectoryW, GetFullPathNameW, SetStdHandle, FlushFileBuffers, GetTimeZoneInformation, SetEnvironmentVariableA, SetEnvironmentVariableW, FindFirstFileExW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEndOfFile, GetTempPathW, GetVersionExW, CreateProcessA
USER32.dll | OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsClipboardFormatAvailable, GetClipboardData, EnableWindow, SetTimer, KillTimer, SetWindowRgn, IsCharAlphaNumericA, ScreenToClient, UpdateLayeredWindow, SetCaretPos, SetActiveWindow, GetKeyState, DestroyCaret, ClientToScreen, CreateCaret, ShowCaret, HideCaret, InsertMenuW, TrackPopupMenu, MessageBoxW, GetSystemMetrics, LoadAcceleratorsW, LoadStringW, GetClassInfoW, DispatchMessageW, PeekMessageW, RegisterClassW, CharNextW, TranslateMessage, UpdateWindow, SetForegroundWindow, LoadImageW, GetWindow, MonitorFromWindow, EndDialog, GetWindowInfo, LockSetForegroundWindow, MapWindowPoints, EnumWindows, GetWindowDC, SetWindowTextW, InvalidateRect, GetDC, ReleaseDC, GetFocus, RegisterClassExW, IsWindowEnabled, SetRect, GetClassInfoExW, InflateRect, IsZoomed, DrawTextW, IsIconic, GetCapture, TrackMouseEvent, SetFocus, SetCapture, ReleaseCapture, GetCursorPos, PostMessageW, ShowWindow, RedrawWindow, GetDlgItem, GetWindowLongW, DefWindowProcW, AdjustWindowRectEx, CallWindowProcW, GetWindowRect, DestroyWindow, IsWindowVisible, SetWindowPos, EnumChildWindows, CreateWindowExW, SendMessageW, IsWindow, OffsetRect, LoadCursorW, SetCursor, SetWindowLongW, GetClientRect, GetParent, PtInRect, BeginPaint, EndPaint, UnregisterClassW, ExitWindowsEx, GetMessageExtraInfo, wsprintfW, GetUserObjectInformationW, GetProcessWindowStation, FindWindowExW, GetWindowTextLengthW, GetMenuItemInfoW, MessageBeep, CreatePopupMenu, GetActiveWindow, IsDialogMessageW, DestroyMenu, BringWindowToTop, TranslateAcceleratorW, LoadIconW, TrackPopupMenuEx, RemoveMenu, AllowSetForegroundWindow, MonitorFromPoint, GetMenuItemCount, MoveWindow, LoadStringA, AppendMenuW, PostQuitMessage, DialogBoxParamW, GetMessageW, GetMonitorInfoW, LoadMenuW
GDI32.dll | TextOutW, GetTextMetricsW, StartPage, EndPage, GetBkColor, SetTextAlign, GetTextColor, GetDeviceCaps, CombineRgn, GetDIBits, ExtCreatePen, LineTo, MoveToEx, ExtTextOutW, CreateFontW, GetObjectW, SetBrushOrgEx, SetStretchBltMode, GetTextExtentPoint32W, CreatePen, Rectangle, SelectClipRgn, IntersectClipRect, SetBkColor, CreateSolidBrush, SetTextColor, SetBkMode, BitBlt, CreateCompatibleBitmap, SaveDC, SelectObject, CreateCompatibleDC, DeleteDC, SetViewportOrgEx, ExcludeClipRect, RestoreDC, DeleteObject, CreateRectRgn, ExtSelectClipRgn
ADVAPI32.dll | CloseServiceHandle, CryptSignHashW, OpenServiceW, OpenSCManagerW, GetNamedSecurityInfoW, GetExplicitEntriesFromAclW, InitializeAcl, SetEntriesInAclW, SetNamedSecurityInfoW, QueryServiceStatusEx, ControlService, LookupAccountNameW, RegSaveKeyExW, RegEnumValueW, OpenProcessToken, RegQueryValueExW, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, RegSetKeySecurity, AddAccessAllowedAce, SetSecurityDescriptorDacl, ConvertSidToStringSidW, LookupPrivilegeValueW, GetTokenInformation, GetLengthSid, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegEnumKeyExW, RegCreateKeyExW, RegDeleteKeyW, RegQueryInfoKeyW, RegCloseKey, DeregisterEventSource, RegisterEventSourceW, ReportEventW, CryptAcquireContextW, CryptReleaseContext, CryptGenRandom, CryptDestroyKey, CryptSetHashParam, CryptGetProvParam, CryptGetUserKey, CryptExportKey, CryptDecrypt, CryptCreateHash, CryptDestroyHash, AccessCheck, IsValidSecurityDescriptor, CryptEnumProvidersW, AdjustTokenPrivileges, GetUserNameW, DuplicateToken, FreeSid, OpenThreadToken, AllocateAndInitializeSid, SetSecurityDescriptorGroup
SHELL32.dll | SHOpenFolderAndSelectItems, SHParseDisplayName, ShellExecuteW
ole32.dll | CreateStreamOnHGlobal, CoInitializeEx, CoTaskMemRealloc, CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree, CoTaskMemAlloc
OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, VarUI4FromStr, SysFreeString
SHLWAPI.dll | StrCmpNIW, StrCmpIW
COMCTL32.dll
MSIMG32.dll | AlphaBlend
Language of compilation system | Country where language is spoken
English | United States
                                                                                                                                                                                                  No network behavior found


                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:00:28:54
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  Imagebase:0xae0000
                                                                                                                                                                                                  File size:6881256 bytes
                                                                                                                                                                                                  MD5 hash:2816BACD01B0D8C48F1D8714C6AA6F0F
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                  Start time:00:29:44
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe create EsgShKernel start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe\"" DisplayName= "SpyHunter 5 Kernel"
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                  Start time:00:29:45
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:00:29:45
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe description EsgShKernel "SpyHunter 5 Kernel"
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                  Start time:00:29:45
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                  Start time:00:29:45
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe create ShMonitor start= demand binPath= "\"C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe\"" DisplayName= "SpyHunter 5 Kernel Monitor"
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate

                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                  Start time:00:29:46
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                  Start time:00:29:47
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe description ShMonitor "SpyHunter 5 Kernel Monitor"
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                  Start time:00:29:48
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                  Start time:00:29:50
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe config ShMonitor start= auto
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                  Start time:00:29:50
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                  Start time:00:29:50
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\sc.exe config EsgShKernel start= auto
                                                                                                                                                                                                  Imagebase:0x7ff76c340000
                                                                                                                                                                                                  File size:69120 bytes
                                                                                                                                                                                                  MD5 hash:D79784553A9410D15E04766AAAB77CD6
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                  Start time:00:29:50
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                  Start time:00:29:51
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\regsvr32.exe /s "C:\Program Files\EnigmaSoft\SpyHunter\ShShellExt.dll"
                                                                                                                                                                                                  Imagebase:0x7ff63c6c0000
                                                                                                                                                                                                  File size:24064 bytes
                                                                                                                                                                                                  MD5 hash:D78B75FC68247E8A63ACBA846182740E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                  Start time:00:29:52
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__0.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args MHLPvv2eVF5BDDAj57kaKhLlRzVl3TCPBu81sCtfDvA= -wait 300
                                                                                                                                                                                                  Imagebase:0x7ff727ff0000
                                                                                                                                                                                                  File size:369512 bytes
                                                                                                                                                                                                  MD5 hash:EDCE372DE488AA221DA7DB7544C09B3E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs

                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                  Start time:00:29:52
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                  Start time:00:29:52
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\EsgInstallerDelay__1.exe -exec OpfXySN2sIJfRn7kaByo3fAgnhU5bFC+1YK5gktB214= -args hOGTiE/QHFPjrWqL1njGygtJtFEVLgswO/2BlkHQX4U= -wait 300
                                                                                                                                                                                                  Imagebase:0x7ff6b0a90000
                                                                                                                                                                                                  File size:369512 bytes
                                                                                                                                                                                                  MD5 hash:EDCE372DE488AA221DA7DB7544C09B3E
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 0%, ReversingLabs

                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                  Start time:00:29:52
                                                                                                                                                                                                  Start date:30/11/2022
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff7c72c0000
                                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000003.311726749.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Offset: 036DF000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_3_36df000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6a4ee2d54a9d0218bbac365f44ca4d6759095d71cd153e74a1202e9320d2e063
                                                                                                                                                                                                    • Instruction ID: f6483a7de57e936d3a79f9c6bc109d75f5f1a926ed044d79c566ef1b3f6708a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a4ee2d54a9d0218bbac365f44ca4d6759095d71cd153e74a1202e9320d2e063
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B492582640E3C55FC717CB748E66655BF70AE4320471E85CBC8C18F2B3DA296A1EE762
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000003.311726749.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Offset: 036DF000, based on PE: false
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_3_36df000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 27c5b4984fd8554cdad4da686989a800912433784498ce8929d26fa7b074dd4f
                                                                                                                                                                                                    • Instruction ID: 23ce06f000fe8565c96910c3c110bba29bca00df8988dfa2ca0c5d49e3d9932a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27c5b4984fd8554cdad4da686989a800912433784498ce8929d26fa7b074dd4f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6718E3500E3C59FC307CF38CD66692BF71AE4721471D85CAD5C18F263D225662AEB92
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF77FF727FF10F0(void* __ecx, long long __rbx, void* __rdx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				char _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				long long _v192;
                                                                                                                                                                                                    				long long _v200;
                                                                                                                                                                                                    				long long _v208;
                                                                                                                                                                                                    				char _v232;
                                                                                                                                                                                                    				char _v248;
                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                    				long long _v272;
                                                                                                                                                                                                    				long long _v280;
				long long _v288;
				char _v312;
				char _v328;
				char _v344;
				long long _v352;
				long long _v360;
				long long _v368;
				char _v376;
				long long _v384;
				long long _v392;
				long long _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				signed long long _v440;
				long long _v448;
				signed long long _v456;
				long long _v464;
				long long _v472;
				long long _v480;
				void* _v504;
				long long _v512;
				signed int _v520;
				signed int _v528;
				signed int _v536;
				long long _v544;
				signed int _v552;
				void* __rdi;
				void* __r12;
				void* __r13;
				void* __r14;
				void* __r15;
				int _t262;
				void* _t289;
				signed int _t331;
				signed long long _t333;
				signed int _t335;
				void* _t347;
				void* _t349;
				signed long long _t402;
				signed long long _t405;
				long long _t420;
				long long _t435;
				void* _t471;
				void* _t487;
				void* _t495;
				void* _t502;
				char* _t521;
				char* _t527;
				char* _t528;
				signed long long _t530;
				long long _t534;
				long long _t537;
				void* _t545;
				void* _t553;
				void* _t554;
				void* _t555;
				void* _t557;
				long long _t558;

				_t542 = __rbp;
				_t437 = __rbx;
				_t340 = __ecx;
				_t555 = _t545;
				_v184 = 0xfffffffe;
				 *((long long*)(_t555 + 8)) = __rbx;
				 *((long long*)(_t555 + 0x18)) = __rbp;
				 *((long long*)(_t555 + 0x20)) = __rsi;
				_t402 =  *0x28040430; // 0x449f3b8ca6a
				_v56 = _t402 ^ _t545 - 0x00000220;
				_t539 = __rdx;
				_t350 = __ecx;
				r13d = 0;
				r12d = r13d;
				 *((long long*)(_t555 - 0x40)) = 7;
				 *((long long*)(_t555 - 0x48)) = _t558;
				 *((intOrPtr*)(_t555 - 0x58)) = r13w;
				 *((long long*)(_t555 - 0x90)) = 7;
				 *((long long*)(_t555 - 0x98)) = _t558;
				 *((intOrPtr*)(_t555 - 0xa8)) = r13w;
				if (__ecx <= 0) goto 0x27ff134d;
				_t262 = lstrcmpiW(??, ??); // executed
				if (_t262 != 0) goto 0x27ff11bd;
				_t331 = r13d + 1;
				if (_t331 - __ecx >= 0) goto 0x27ff1248;
				_t530 =  *((intOrPtr*)(__rdx + _t331 * 8));
				asm("repne scasw");
				E00007FF77FF727FF2070(__rbx,  &_v96,  *((intOrPtr*)(__rdx + _t331 * 8)), _t530, __rbp,  !( *(__rdx + r13d * 8) | 0xffffffff) - 1, _t557);
				goto 0x27ff123b;
				if (lstrcmpiW(??, ??) != 0) goto 0x27ff1207;
				_t333 = _t331 + 2;
				if (_t333 - __ecx >= 0) goto 0x27ff129f;
				_t405 = _t333;
				asm("repne scasw");
				_t549 =  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1;
				E00007FF77FF727FF2070(_t437,  &_v176,  *((intOrPtr*)(__rdx + _t405 * 8)),  *((intOrPtr*)(__rdx + _t405 * 8)), _t542,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t557);
				goto 0x27ff123b;
				if (lstrcmpiW(??, ??) != 0) goto 0x27ff1239;
				_t335 = _t333 + 2;
				if (_t335 - __ecx >= 0) goto 0x27ff12f6;
				r12d = E00007FF77FF728004578(_t437,  *((intOrPtr*)(__rdx + _t335 * 8)), L"-wait");
				goto 0x27ff123b;
				if (_t335 + 2 - __ecx >= 0) goto 0x27ff134d;
				goto 0x27ff1170;
				if (_v144 - 8 < 0) goto 0x27ff1260;
				E00007FF77FF7280044D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				_v144 = 7;
				_v152 = _t558;
				_v168 = r13w;
				if (_v64 - 8 < 0) goto 0x27ff1295;
				E00007FF77FF7280044D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				goto 0x27ff1b53;
				if (_v144 - 8 < 0) goto 0x27ff12b7;
				E00007FF77FF7280044D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				_v144 = 7;
				_v152 = _t558;
				_v168 = r13w;
				if (_v64 - 8 < 0) goto 0x27ff12ec;
				E00007FF77FF7280044D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				goto 0x27ff1b53;
				if (_v144 - 8 < 0) goto 0x27ff130e;
				E00007FF77FF7280044D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				_v144 = 7;
				_v152 = _t558;
				_v168 = r13w;
				if (_v64 - 8 < 0) goto 0x27ff1343;
				E00007FF77FF7280044D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
				goto 0x27ff1b53;
				E00007FF77FF72802AF90(_t340, _v64 - 8, _t405, _t437,  &_v136, _t542, _t553, _t557);
				E00007FF77FF7280045E0(_t405,  &_v136);
				if (_t405 == 0) goto 0x27ff1374;
				 *_t405 =  &_v504;
				goto 0x27ff1377;
				_t406 = _t558;
				_v504 = _t558;
				_v480 = _t558;
				_v472 = _t558;
				_v464 = _t558;
				if (_v72 == 0) goto 0x27ff1a7c;
				_t517 =  >=  ? _v88 :  &_v88;
				r8d = _v72;
				E00007FF77FF727FF9DE0(_t558,  &_v232,  >=  ? _v88 :  &_v88, _t549, _t553);
				E00007FF77FF727FF9BD0(_t437,  &_v504, _t558);
				if (_v208 == 0) goto 0x27ff13ea;
				E00007FF77FF7280044D8(_t558, _t437, _v208, _t558, _t539, _t549, _t553);
				_v208 = _t558;
				_v200 = _t558;
				_v192 = _t558;
				E00007FF77FF7280044D8(_t558, _t437, _v232, _t406, _t539, _t549, _t553);
				_v528 = 0xf4e105e2;
				_v528 = _v528 ^ 0x238cb6e1;
				_v528 = _v528 ^ 0x82cdfde3;
				_v440 = _v528 ^ 0x852c1a21;
				_v528 = 0xf4e105e2;
				_v528 = _v528 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v456 = _v528 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v528 = _v528 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v408 = _v520;
                                                                                                                                                                                                    				_v400 = _v528;
                                                                                                                                                                                                    				_v392 = _v456;
                                                                                                                                                                                                    				_v384 = _v440;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				if (E00007FF77FF72802BF20(_t335 + 2, 8, _t347, _t349, _t350, _v208, _t437,  &_v504,  &_v408, 0xf4e105e2, 0x238cb6e1, _t549, _t553, _t554, _t557, _t558, 0x82cdfde3, 0x852c1a21) == 0) goto 0x27ff1a7c;
                                                                                                                                                                                                    				_t420 = _v472;
                                                                                                                                                                                                    				_t438 = _t420;
                                                                                                                                                                                                    				if (_v480 - _t420 <= 0) goto 0x27ff1517;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t421 = _v472;
                                                                                                                                                                                                    				_t534 = _v480;
                                                                                                                                                                                                    				_v520 = _v504;
                                                                                                                                                                                                    				_v512 = _t420;
                                                                                                                                                                                                    				if (_t534 - _v472 <= 0) goto 0x27ff1535;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v456 = _v504;
                                                                                                                                                                                                    				_v448 = _t534;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x150], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x140], xmm1");
                                                                                                                                                                                                    				r9d = _v536 & 0x000000ff;
                                                                                                                                                                                                    				_t550 =  &_v248;
                                                                                                                                                                                                    				_t521 =  &_v264;
                                                                                                                                                                                                    				E00007FF77FF727FF28C0( &_v96, _t521,  &_v248);
                                                                                                                                                                                                    				_t289 = E00007FF77FF72802B620(_t335 + 2, _v472,  &_v96, 0xf4e105e2, 0x238cb6e1, _t554); // executed
                                                                                                                                                                                                    				if (_t289 != 0) goto 0x27ff1678;
                                                                                                                                                                                                    				_t471 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t111 = _t521 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t111;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0x27ff15d2;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t420, _v480, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t420, _v504, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x27ff1604;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t420, _v128, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0x27ff1639;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t420, _v168, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x27ff166e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t421, _t420, _v88, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				goto 0x27ff1b53;
                                                                                                                                                                                                    				if (_v152 == 0) goto 0x27ff192d;
                                                                                                                                                                                                    				_t523 =  >=  ? _v168 :  &_v168;
                                                                                                                                                                                                    				r8d = _v152;
                                                                                                                                                                                                    				E00007FF77FF727FF9DE0(_t421,  &_v312,  >=  ? _v168 :  &_v168,  &_v248, _t553);
                                                                                                                                                                                                    				E00007FF77FF727FF9BD0(_t420,  &_v504, _t421);
                                                                                                                                                                                                    				if (_v288 == 0) goto 0x27ff16d7;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t421, _t420, _v288, _t421, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v288 = _t558;
                                                                                                                                                                                                    				_v280 = _t558;
                                                                                                                                                                                                    				_v272 = _t558;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t421, _t420, _v312, _t421, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v456 = _v520 ^ 0x852c1a21;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v440 = _v520 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v376 = _v528;
                                                                                                                                                                                                    				_v368 = _v520;
                                                                                                                                                                                                    				_v360 = _v440;
                                                                                                                                                                                                    				_v352 = _v456;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				if (E00007FF77FF72802BF20(_t335 + 2, 8, _t347, _t349, _t350, _v288, _t438,  &_v504,  &_v376, 0xf4e105e2, 0x238cb6e1, _t550, _t553, _t554, _t557, _t558, 0x82cdfde3, 0x852c1a21) == 0) goto 0x27ff1851;
                                                                                                                                                                                                    				_t435 = _v472;
                                                                                                                                                                                                    				_t439 = _t435;
                                                                                                                                                                                                    				if (_v480 - _t435 <= 0) goto 0x27ff17dc;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t436 = _v472;
                                                                                                                                                                                                    				_t537 = _v480;
                                                                                                                                                                                                    				_v520 = _v504;
                                                                                                                                                                                                    				_v512 = _t435;
                                                                                                                                                                                                    				if (_t537 - _v472 <= 0) goto 0x27ff17fa;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v456 = _v504;
                                                                                                                                                                                                    				_v448 = _t537;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x100], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xf0], xmm1");
                                                                                                                                                                                                    				r9d = _v536 & 0x000000ff;
                                                                                                                                                                                                    				_t527 =  &_v344;
                                                                                                                                                                                                    				E00007FF77FF727FF28C0( &_v176, _t527,  &_v328);
                                                                                                                                                                                                    				goto 0x27ff192d;
                                                                                                                                                                                                    				_t487 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t184 = _t527 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t184;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0x27ff1887;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v480, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v504, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x27ff18b9;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v128, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0x27ff18ee;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v168, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x27ff1923;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v88, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				goto 0x27ff1b53;
                                                                                                                                                                                                    				if (r12d == 0) goto 0x27ff1942;
                                                                                                                                                                                                    				r12d = r12d * 0x3e8;
                                                                                                                                                                                                    				SleepEx(??, ??); // executed
                                                                                                                                                                                                    				_v432 = 0;
                                                                                                                                                                                                    				_v428 = 0;
                                                                                                                                                                                                    				_v424 = 0;
                                                                                                                                                                                                    				_v420 = 0;
                                                                                                                                                                                                    				_v416 = 0;
                                                                                                                                                                                                    				_v412 = 0;
                                                                                                                                                                                                    				_v544 = _t558;
                                                                                                                                                                                                    				_v552 = r13d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				_t552 =  &_v176;
                                                                                                                                                                                                    				_t528 =  &_v96;
                                                                                                                                                                                                    				E00007FF77FF72802B6B0(_t335 + 2, r12d, _v472,  &_v432, _t528,  &_v176, _t553, _t555);
                                                                                                                                                                                                    				_t495 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t216 = _t528 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t216;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0x27ff19d9;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v480, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v472, _t435, _v504, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x27ff1a0b;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t435, _v128, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0x27ff1a40;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v168, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x27ff1a75;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v88, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				goto 0x27ff1b53;
                                                                                                                                                                                                    				_t502 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t239 = _t528 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t239;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0x27ff1ab2;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v480, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v504, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x27ff1ae4;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v128, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0x27ff1b19;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v168, _t528, 0xf4e105e2, _t552, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x27ff1b4e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t436, _t439, _v88, _t528, 0xf4e105e2, _t552, _t553);
                                                                                                                                                                                                    				return E00007FF77FF728004050(r12d, _v56 ^ _t545 - 0x00000220, _t528, _t552, _t553);
                                                                                                                                                                                                    			}

























































































                                                                                                                                                                                                    0x7ff727ff14b9
                                                                                                                                                                                                    0x7ff727ff14c1
                                                                                                                                                                                                    0x7ff727ff14c9
                                                                                                                                                                                                    0x7ff727ff14d1
                                                                                                                                                                                                    0x7ff727ff14d9
                                                                                                                                                                                                    0x7ff727ff14f0
                                                                                                                                                                                                    0x7ff727ff14f6
                                                                                                                                                                                                    0x7ff727ff14fb
                                                                                                                                                                                                    0x7ff727ff1506
                                                                                                                                                                                                    0x7ff727ff1508
                                                                                                                                                                                                    0x7ff727ff150d
                                                                                                                                                                                                    0x7ff727ff1512
                                                                                                                                                                                                    0x7ff727ff151c
                                                                                                                                                                                                    0x7ff727ff1521
                                                                                                                                                                                                    0x7ff727ff1529
                                                                                                                                                                                                    0x7ff727ff152b
                                                                                                                                                                                                    0x7ff727ff1535
                                                                                                                                                                                                    0x7ff727ff153d
                                                                                                                                                                                                    0x7ff727ff1545
                                                                                                                                                                                                    0x7ff727ff154a
                                                                                                                                                                                                    0x7ff727ff1553
                                                                                                                                                                                                    0x7ff727ff155b
                                                                                                                                                                                                    0x7ff727ff1564
                                                                                                                                                                                                    0x7ff727ff156a
                                                                                                                                                                                                    0x7ff727ff1572
                                                                                                                                                                                                    0x7ff727ff1582
                                                                                                                                                                                                    0x7ff727ff158f
                                                                                                                                                                                                    0x7ff727ff1596
                                                                                                                                                                                                    0x7ff727ff15ad
                                                                                                                                                                                                    0x7ff727ff15b8
                                                                                                                                                                                                    0x7ff727ff15b8
                                                                                                                                                                                                    0x7ff727ff15bc
                                                                                                                                                                                                    0x7ff727ff15cb
                                                                                                                                                                                                    0x7ff727ff15cd
                                                                                                                                                                                                    0x7ff727ff15d2
                                                                                                                                                                                                    0x7ff727ff15d7
                                                                                                                                                                                                    0x7ff727ff15dc
                                                                                                                                                                                                    0x7ff727ff15e6
                                                                                                                                                                                                    0x7ff727ff15f5
                                                                                                                                                                                                    0x7ff727ff15ff
                                                                                                                                                                                                    0x7ff727ff1604
                                                                                                                                                                                                    0x7ff727ff1610
                                                                                                                                                                                                    0x7ff727ff1618
                                                                                                                                                                                                    0x7ff727ff162a
                                                                                                                                                                                                    0x7ff727ff1634
                                                                                                                                                                                                    0x7ff727ff1639
                                                                                                                                                                                                    0x7ff727ff1645
                                                                                                                                                                                                    0x7ff727ff164d
                                                                                                                                                                                                    0x7ff727ff165f
                                                                                                                                                                                                    0x7ff727ff1669
                                                                                                                                                                                                    0x7ff727ff1673
                                                                                                                                                                                                    0x7ff727ff1681
                                                                                                                                                                                                    0x7ff727ff1698
                                                                                                                                                                                                    0x7ff727ff16a1
                                                                                                                                                                                                    0x7ff727ff16b1
                                                                                                                                                                                                    0x7ff727ff16bf
                                                                                                                                                                                                    0x7ff727ff16d0
                                                                                                                                                                                                    0x7ff727ff16d2
                                                                                                                                                                                                    0x7ff727ff16d7
                                                                                                                                                                                                    0x7ff727ff16df
                                                                                                                                                                                                    0x7ff727ff16e7
                                                                                                                                                                                                    0x7ff727ff16f7
                                                                                                                                                                                                    0x7ff727ff16fc
                                                                                                                                                                                                    0x7ff727ff1709
                                                                                                                                                                                                    0x7ff727ff1716
                                                                                                                                                                                                    0x7ff727ff1723
                                                                                                                                                                                                    0x7ff727ff172b
                                                                                                                                                                                                    0x7ff727ff1738
                                                                                                                                                                                                    0x7ff727ff1745
                                                                                                                                                                                                    0x7ff727ff174d
                                                                                                                                                                                                    0x7ff727ff175a
                                                                                                                                                                                                    0x7ff727ff175f
                                                                                                                                                                                                    0x7ff727ff177e
                                                                                                                                                                                                    0x7ff727ff1786
                                                                                                                                                                                                    0x7ff727ff178e
                                                                                                                                                                                                    0x7ff727ff1796
                                                                                                                                                                                                    0x7ff727ff179e
                                                                                                                                                                                                    0x7ff727ff17b5
                                                                                                                                                                                                    0x7ff727ff17bb
                                                                                                                                                                                                    0x7ff727ff17c0
                                                                                                                                                                                                    0x7ff727ff17cb
                                                                                                                                                                                                    0x7ff727ff17cd
                                                                                                                                                                                                    0x7ff727ff17d2
                                                                                                                                                                                                    0x7ff727ff17d7
                                                                                                                                                                                                    0x7ff727ff17e1
                                                                                                                                                                                                    0x7ff727ff17e6
                                                                                                                                                                                                    0x7ff727ff17ee
                                                                                                                                                                                                    0x7ff727ff17f0
                                                                                                                                                                                                    0x7ff727ff17fa
                                                                                                                                                                                                    0x7ff727ff1802
                                                                                                                                                                                                    0x7ff727ff180a
                                                                                                                                                                                                    0x7ff727ff180f
                                                                                                                                                                                                    0x7ff727ff1818
                                                                                                                                                                                                    0x7ff727ff1820
                                                                                                                                                                                                    0x7ff727ff1829
                                                                                                                                                                                                    0x7ff727ff1837
                                                                                                                                                                                                    0x7ff727ff1847
                                                                                                                                                                                                    0x7ff727ff184c
                                                                                                                                                                                                    0x7ff727ff1862
                                                                                                                                                                                                    0x7ff727ff186d
                                                                                                                                                                                                    0x7ff727ff186d
                                                                                                                                                                                                    0x7ff727ff1871
                                                                                                                                                                                                    0x7ff727ff1880
                                                                                                                                                                                                    0x7ff727ff1882
                                                                                                                                                                                                    0x7ff727ff1887
                                                                                                                                                                                                    0x7ff727ff188c
                                                                                                                                                                                                    0x7ff727ff1891
                                                                                                                                                                                                    0x7ff727ff189b
                                                                                                                                                                                                    0x7ff727ff18aa
                                                                                                                                                                                                    0x7ff727ff18b4
                                                                                                                                                                                                    0x7ff727ff18b9
                                                                                                                                                                                                    0x7ff727ff18c5
                                                                                                                                                                                                    0x7ff727ff18cd
                                                                                                                                                                                                    0x7ff727ff18df
                                                                                                                                                                                                    0x7ff727ff18e9
                                                                                                                                                                                                    0x7ff727ff18ee
                                                                                                                                                                                                    0x7ff727ff18fa
                                                                                                                                                                                                    0x7ff727ff1902
                                                                                                                                                                                                    0x7ff727ff1914
                                                                                                                                                                                                    0x7ff727ff191e
                                                                                                                                                                                                    0x7ff727ff1928
                                                                                                                                                                                                    0x7ff727ff1930
                                                                                                                                                                                                    0x7ff727ff1932
                                                                                                                                                                                                    0x7ff727ff193c
                                                                                                                                                                                                    0x7ff727ff1944
                                                                                                                                                                                                    0x7ff727ff194b
                                                                                                                                                                                                    0x7ff727ff1952
                                                                                                                                                                                                    0x7ff727ff1959
                                                                                                                                                                                                    0x7ff727ff1960
                                                                                                                                                                                                    0x7ff727ff1967
                                                                                                                                                                                                    0x7ff727ff196e
                                                                                                                                                                                                    0x7ff727ff1973

APIs
Strings
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$File$Move$lstrcmpi$lstrcat$AttributesErrorLastSleeplstrcpy
• String ID: -args$-exec$-wait
• API String ID: 3695391189-3543574200
• Opcode ID: b47439b2d598f34099cd404de5d1fba8806b7a4de36602e438ec1d6f7ee21c83
• Instruction ID: ca5f45c5f37a42f40b40dcba47fabf133a613496bf2e70f031a0a7e931e79f4d
• Opcode Fuzzy Hash: b47439b2d598f34099cd404de5d1fba8806b7a4de36602e438ec1d6f7ee21c83
• Instruction Fuzzy Hash: D642133261CBC181EA70AB14F9843AEF3A4FB85788F900136DA9D47A99DF3DD155CB24
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF77FF7280045E0(void* __rax, void* __rcx) {
                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				goto 0x280045fa;
                                                                                                                                                                                                    				if (E00007FF77FF72800BC98(__rax, __rcx) == 0) goto 0x2800460a;
                                                                                                                                                                                                    				_t2 = malloc(??);
                                                                                                                                                                                                    				if (__rax == 0) goto 0x280045eb;
                                                                                                                                                                                                    				return _t2;
                                                                                                                                                                                                    			}





APIs
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID: _errno$AllocateCommandHeapInitializeLine_cinitmalloc
• String ID:
• API String ID: 2456440378-0
• Opcode ID: d9342fbc873394faf5c233f4d5feb5bd075710e0ef0b8a8265e5b7922b41a891
• Instruction ID: 7718c5ac3c21343a24bf7a8698736ab95c99588ab2c12e5aeeab707b1209ea25
• Opcode Fuzzy Hash: d9342fbc873394faf5c233f4d5feb5bd075710e0ef0b8a8265e5b7922b41a891
• Instruction Fuzzy Hash: 0D513F60E0CA4386FA70BB64AC51279E291EF41349FC84137D66D426D3EF6EE4448E3D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF77FF72800C75C(void* __ecx, signed long long __rbx, void* __rdx, signed long long __rdi, signed long long __rsi, signed long long __r12) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				signed long long* _v64;
                                                                                                                                                                                                    				intOrPtr _v70;
                                                                                                                                                                                                    				void* _v136;
                                                                                                                                                                                                    				signed int _t63;
                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                    				signed char _t74;
                                                                                                                                                                                                    				signed int _t75;
                                                                                                                                                                                                    				signed int _t83;
                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                    				signed int _t95;
                                                                                                                                                                                                    				signed long long* _t127;
                                                                                                                                                                                                    				signed long long* _t129;
                                                                                                                                                                                                    				signed long long* _t131;
                                                                                                                                                                                                    				long long _t136;
                                                                                                                                                                                                    				long long* _t140;
                                                                                                                                                                                                    				signed long long _t151;
                                                                                                                                                                                                    				signed long long _t153;
                                                                                                                                                                                                    				signed char* _t158;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				signed long long* _t163;
                                                                                                                                                                                                    				signed long long* _t166;
                                                                                                                                                                                                    				signed long long* _t168;
                                                                                                                                                                                                    				long long* _t174;
                                                                                                                                                                                                    				void* _t176;
                                                                                                                                                                                                    				signed char* _t177;
                                                                                                                                                                                                    				void* _t180;
                                                                                                                                                                                                    				struct _STARTUPINFOA* _t184;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t151 = __rdi;
                                                                                                                                                                                                    				_t150 = __rdx;
                                                                                                                                                                                                    				_t137 = __rbx;
                                                                                                                                                                                                    				_t127 = _t163;
                                                                                                                                                                                                    				_t127[1] = __rbx;
                                                                                                                                                                                                    				_t127[2] = __rsi;
                                                                                                                                                                                                    				_t127[3] = __rdi;
                                                                                                                                                                                                    				_t127[4] = __r12;
                                                                                                                                                                                                    				GetStartupInfoA(_t184);
                                                                                                                                                                                                    				_t6 = _t150 - 0x38; // 0x20
                                                                                                                                                                                                    				r12d = _t6;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(__rbx, __r12, __rdx, __rdi, __rsi, _t162, _t180, _t176);
                                                                                                                                                                                                    				_t166 = _t127;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				if (_t127 != _t184) goto 0x2800c7ac;
                                                                                                                                                                                                    				goto 0x2800ca27;
                                                                                                                                                                                                    				 *0x280489e0 = _t127;
                                                                                                                                                                                                    				 *0x280489c0 = r12d;
                                                                                                                                                                                                    				if (_t166 -  &(_t127[0x160]) >= 0) goto 0x2800c80a;
                                                                                                                                                                                                    				_t166[1] = r15b;
                                                                                                                                                                                                    				 *_t166 =  *_t166 | 0xffffffff;
                                                                                                                                                                                                    				_t166[1] = 0xa;
                                                                                                                                                                                                    				_t166[1] = r15d;
                                                                                                                                                                                                    				_t166[7] = r15b;
                                                                                                                                                                                                    				_t166[7] = 0xa;
                                                                                                                                                                                                    				_t166[7] = 0xa;
                                                                                                                                                                                                    				_t166[0xa] = r15d;
                                                                                                                                                                                                    				_t166[9] = r15b;
                                                                                                                                                                                                    				_t129 =  *0x280489e0; // 0x1030b10
                                                                                                                                                                                                    				if ( &(_t166[0xb]) - _t129 + 0xb00 < 0) goto 0x2800c7c7;
                                                                                                                                                                                                    				_t86 =  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_v70 == r15w) goto 0x2800c95f;
                                                                                                                                                                                                    				_t131 = _v64;
                                                                                                                                                                                                    				if (_t131 == _t184) goto 0x2800c95f;
                                                                                                                                                                                                    				_t177 =  &(_t131[0]);
                                                                                                                                                                                                    				_t158 =  &(_t177[ *_t131]);
                                                                                                                                                                                                    				_t82 =  <  ?  *_t131 : 0x800;
                                                                                                                                                                                                    				if (_t86 - 0x800 >= 0) goto 0x2800c8d2;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t137, __r12, _t150, _t151, _t158, _t162);
                                                                                                                                                                                                    				_t168 = _t131;
                                                                                                                                                                                                    				if (_t131 == _t184) goto 0x2800c8ca;
                                                                                                                                                                                                    				0x280489e0[_t151] = _t131;
                                                                                                                                                                                                    				_t63 =  *0x280489c0; // 0x20
                                                                                                                                                                                                    				 *0x280489c0 = _t63 + r12d;
                                                                                                                                                                                                    				_t20 =  &(_t168[0x160]); // 0xb00
                                                                                                                                                                                                    				if (_t168 - _t20 >= 0) goto 0x2800c8c1;
                                                                                                                                                                                                    				_t168[1] = r15b;
                                                                                                                                                                                                    				 *_t168 =  *_t168 | 0xffffffff;
                                                                                                                                                                                                    				_t168[1] = 0xa;
                                                                                                                                                                                                    				_t168[1] = r15d;
                                                                                                                                                                                                    				_t168[7] = _t168[7] & 0x00000080;
                                                                                                                                                                                                    				_t168[7] = 0xa;
                                                                                                                                                                                                    				_t168[7] = 0xa;
                                                                                                                                                                                                    				_t168[0xa] = r15d;
                                                                                                                                                                                                    				_t168[9] = r15b;
                                                                                                                                                                                                    				if ( &(_t168[0xb]) -  &(0x280489e0[_t151][0x160]) < 0) goto 0x2800c880;
                                                                                                                                                                                                    				_t65 =  *0x280489c0; // 0x20
                                                                                                                                                                                                    				_t107 = _t65 - ( <  ?  *_t131 : 0x800);
                                                                                                                                                                                                    				if (_t65 - ( <  ?  *_t131 : 0x800) < 0) goto 0x2800c84c;
                                                                                                                                                                                                    				goto 0x2800c8d9;
                                                                                                                                                                                                    				_t83 =  *0x280489c0; // 0x20
                                                                                                                                                                                                    				goto 0x2800c8d9;
                                                                                                                                                                                                    				_t95 = r15d;
                                                                                                                                                                                                    				if (_t83 - r15d <= 0) goto 0x2800c95f;
                                                                                                                                                                                                    				if ( *_t158 == 0xffffffff) goto 0x2800c952;
                                                                                                                                                                                                    				if ( *_t158 == 0xfffffffe) goto 0x2800c952;
                                                                                                                                                                                                    				if (( *_t177 & 0x00000001) == 0) goto 0x2800c952;
                                                                                                                                                                                                    				if (( *_t177 & 0x00000008) != 0) goto 0x2800c909;
                                                                                                                                                                                                    				if (GetFileType(??) == r15d) goto 0x2800c952;
                                                                                                                                                                                                    				r12d = r12d & 0x0000001f;
                                                                                                                                                                                                    				_t174 = 0x280489e0[_t95 >> 5] + _t95 * 0x58;
                                                                                                                                                                                                    				_t136 =  *_t158;
                                                                                                                                                                                                    				 *_t174 = _t136;
                                                                                                                                                                                                    				 *((char*)(_t174 + 8)) =  *_t177;
                                                                                                                                                                                                    				if (E00007FF77FF728010438() == r15d) goto 0x2800c94a;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t174 + 0xc)) =  *((intOrPtr*)(_t174 + 0xc)) + 1;
                                                                                                                                                                                                    				goto 0x2800c952;
                                                                                                                                                                                                    				goto 0x2800ca27;
                                                                                                                                                                                                    				if (_t95 + 1 - _t83 < 0) goto 0x2800c8e1;
                                                                                                                                                                                                    				r12d = r15d;
                                                                                                                                                                                                    				_t153 = _t184;
                                                                                                                                                                                                    				_t140 =  *0x280489e0 + _t153 * 0x58;
                                                                                                                                                                                                    				if ( *_t140 == 0xffffffff) goto 0x2800c985;
                                                                                                                                                                                                    				if ( *_t140 == 0xfffffffe) goto 0x2800c985;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000080;
                                                                                                                                                                                                    				goto 0x2800ca04;
                                                                                                                                                                                                    				 *(_t140 + 8) = 0x81;
                                                                                                                                                                                                    				asm("sbb ecx, ecx");
                                                                                                                                                                                                    				_t88 =  ==  ? 0xfffffff6 : _t86 + 0xfffffff5;
                                                                                                                                                                                                    				GetStdHandle(??);
                                                                                                                                                                                                    				if (_t136 == 0xffffffff) goto 0x2800c9f9;
                                                                                                                                                                                                    				if (_t136 == _t184) goto 0x2800c9f9;
                                                                                                                                                                                                    				_t74 = GetFileType(??); // executed
                                                                                                                                                                                                    				if (_t74 == r15d) goto 0x2800c9f9;
                                                                                                                                                                                                    				 *_t140 = _t136;
                                                                                                                                                                                                    				_t75 = _t74 & 0x000000ff;
                                                                                                                                                                                                    				if (_t75 != 2) goto 0x2800c9d3;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000040;
                                                                                                                                                                                                    				goto 0x2800c9dc;
                                                                                                                                                                                                    				if (_t75 != 3) goto 0x2800c9dc;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000008;
                                                                                                                                                                                                    				if (E00007FF77FF728010438() == r15d) goto 0x2800c9f4;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t140 + 0xc)) =  *((intOrPtr*)(_t140 + 0xc)) + 1;
                                                                                                                                                                                                    				goto 0x2800ca04;
                                                                                                                                                                                                    				goto 0x2800ca27;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000040;
                                                                                                                                                                                                    				 *_t140 = 0xfffffffe;
                                                                                                                                                                                                    				r12d = r12d + 1;
                                                                                                                                                                                                    				if (_t153 + 1 - 3 < 0) goto 0x2800c965;
                                                                                                                                                                                                    				SetHandleCount(??);
                                                                                                                                                                                                    				return 0xffffffff;
                                                                                                                                                                                                    			}
































                                                                                                                                                                                                    0x7ff72800c8a0
                                                                                                                                                                                                    0x7ff72800c8a4
                                                                                                                                                                                                    0x7ff72800c8b9
                                                                                                                                                                                                    0x7ff72800c8bb
                                                                                                                                                                                                    0x7ff72800c8c4
                                                                                                                                                                                                    0x7ff72800c8c6
                                                                                                                                                                                                    0x7ff72800c8c8
                                                                                                                                                                                                    0x7ff72800c8ca
                                                                                                                                                                                                    0x7ff72800c8d0
                                                                                                                                                                                                    0x7ff72800c8d9
                                                                                                                                                                                                    0x7ff72800c8df
                                                                                                                                                                                                    0x7ff72800c8e5
                                                                                                                                                                                                    0x7ff72800c8eb
                                                                                                                                                                                                    0x7ff72800c8f2
                                                                                                                                                                                                    0x7ff72800c8f9
                                                                                                                                                                                                    0x7ff72800c907
                                                                                                                                                                                                    0x7ff72800c913
                                                                                                                                                                                                    0x7ff72800c91b
                                                                                                                                                                                                    0x7ff72800c91f
                                                                                                                                                                                                    0x7ff72800c922
                                                                                                                                                                                                    0x7ff72800c92a
                                                                                                                                                                                                    0x7ff72800c941
                                                                                                                                                                                                    0x7ff72800c943
                                                                                                                                                                                                    0x7ff72800c948
                                                                                                                                                                                                    0x7ff72800c94d
                                                                                                                                                                                                    0x7ff72800c95d
                                                                                                                                                                                                    0x7ff72800c95f
                                                                                                                                                                                                    0x7ff72800c962
                                                                                                                                                                                                    0x7ff72800c96c
                                                                                                                                                                                                    0x7ff72800c977
                                                                                                                                                                                                    0x7ff72800c97d
                                                                                                                                                                                                    0x7ff72800c97f
                                                                                                                                                                                                    0x7ff72800c983
                                                                                                                                                                                                    0x7ff72800c985
                                                                                                                                                                                                    0x7ff72800c990
                                                                                                                                                                                                    0x7ff72800c99d
                                                                                                                                                                                                    0x7ff72800c9a0
                                                                                                                                                                                                    0x7ff72800c9ad
                                                                                                                                                                                                    0x7ff72800c9b2
                                                                                                                                                                                                    0x7ff72800c9b7
                                                                                                                                                                                                    0x7ff72800c9c0
                                                                                                                                                                                                    0x7ff72800c9c2
                                                                                                                                                                                                    0x7ff72800c9c5
                                                                                                                                                                                                    0x7ff72800c9cb
                                                                                                                                                                                                    0x7ff72800c9cd
                                                                                                                                                                                                    0x7ff72800c9d1
                                                                                                                                                                                                    0x7ff72800c9d6
                                                                                                                                                                                                    0x7ff72800c9d8
                                                                                                                                                                                                    0x7ff72800c9ed
                                                                                                                                                                                                    0x7ff72800c9ef
                                                                                                                                                                                                    0x7ff72800c9f2
                                                                                                                                                                                                    0x7ff72800c9f7
                                                                                                                                                                                                    0x7ff72800c9f9
                                                                                                                                                                                                    0x7ff72800c9fd
                                                                                                                                                                                                    0x7ff72800ca04
                                                                                                                                                                                                    0x7ff72800ca0e
                                                                                                                                                                                                    0x7ff72800ca1a
                                                                                                                                                                                                    0x7ff72800ca48

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStartupInfoA.KERNEL32 ref: 00007FF72800C781
                                                                                                                                                                                                      • Part of subcall function 00007FF72800A5E0: Sleep.KERNEL32(?,?,?,00007FF72800B8EB,?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871), ref: 00007FF72800A625
                                                                                                                                                                                                    • GetFileType.KERNEL32 ref: 00007FF72800C8FE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileInfoSleepStartupType
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1527402494-0
                                                                                                                                                                                                    • Opcode ID: 8533c35c8a20efeb12ed51f4efd1269282dbaf34b7f114ec22bf48b726a2f410
                                                                                                                                                                                                    • Instruction ID: 4d9d6712f96b28180959d45dfe5d50091874d86c3b7ce7e469a73ae7475f1c3d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8533c35c8a20efeb12ed51f4efd1269282dbaf34b7f114ec22bf48b726a2f410
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD91D521A09A8281F720AB24DC48638E795FB05774F994736C67D473D0CF3EE849CB29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                    			E00007FF77FF728008520(long long __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long _a8, long long _a24) {
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				long long _t68;
                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                    				long long _t97;
                                                                                                                                                                                                    				void* _t99;
                                                                                                                                                                                                    				long long _t100;
                                                                                                                                                                                                    				intOrPtr _t106;
                                                                                                                                                                                                    				void* _t109;
                                                                                                                                                                                                    				long long _t113;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t92 = __rdx;
                                                                                                                                                                                                    				_t68 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t78 = __rcx;
                                                                                                                                                                                                    				r12d = 1;
                                                                                                                                                                                                    				E00007FF77FF72800A574(_t57, __rax, __rcx, __rcx, _t96, _t99); // executed
                                                                                                                                                                                                    				_t97 = _t68;
                                                                                                                                                                                                    				_a24 = _t68;
                                                                                                                                                                                                    				if (_t97 == _t68) goto 0x280086f1;
                                                                                                                                                                                                    				_t3 = _t97 + 4; // 0x4
                                                                                                                                                                                                    				_t100 = _t3;
                                                                                                                                                                                                    				_t4 = _t78 + 0x68; // 0x68
                                                                                                                                                                                                    				_t5 = _t109 + 2; // 0x3
                                                                                                                                                                                                    				r8d = _t5;
                                                                                                                                                                                                    				 *_t100 = 0;
                                                                                                                                                                                                    				 *_t97 = r12d;
                                                                                                                                                                                                    				_t106 =  *0x28030c88; // 0x7ff728030c50
                                                                                                                                                                                                    				_v64 =  *_t4;
                                                                                                                                                                                                    				_v72 = 0x28030d90;
                                                                                                                                                                                                    				E00007FF77FF7280082BC(_t100, __rdx, _t106);
                                                                                                                                                                                                    				_t8 = _t78 + 0x88; // 0x88
                                                                                                                                                                                                    				if (E00007FF77FF728013850(0x28030d90, _t100, _t92, _t97, _t100, 0x28030d8c) == 0) goto 0x280085db;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v72 = _t97;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				E00007FF77FF72800BBE0(0,  *_t4,  *_t8);
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				_t53 =  !=  ? 0 : r12d;
                                                                                                                                                                                                    				_t11 = _t78 + 0x48; // 0x4a
                                                                                                                                                                                                    				_t113 = (_t109 + 1 << 5) + _t11;
                                                                                                                                                                                                    				_v64 =  *_t113;
                                                                                                                                                                                                    				_v72 = 0x28030d90;
                                                                                                                                                                                                    				E00007FF77FF7280082BC(_t100,  *_t8,  *0x28030c88);
                                                                                                                                                                                                    				if (0x7ff728030ca0 - 0x28030ce8 < 0) goto 0x280085af;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (_t53 != r13d) goto 0x28008697;
                                                                                                                                                                                                    				_t63 =  *((intOrPtr*)(_t78 + 0x58)) - _t113;
                                                                                                                                                                                                    				if (_t63 == 0) goto 0x2800866e;
                                                                                                                                                                                                    				asm("lock xadd [ecx], eax");
                                                                                                                                                                                                    				if (_t63 != 0) goto 0x2800866e;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t64 =  *((intOrPtr*)(_t78 + 0x60)) - _t113;
                                                                                                                                                                                                    				if (_t64 == 0) goto 0x2800868a;
                                                                                                                                                                                                    				asm("lock xadd [edx], ecx");
                                                                                                                                                                                                    				if (_t64 != 0) goto 0x2800868a;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x58)) = _a24;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x48)) = _t100;
                                                                                                                                                                                                    				goto 0x280086e9;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t55 = _t53 | 0xffffffff;
                                                                                                                                                                                                    				_t65 =  *((intOrPtr*)(_t78 + 0x58)) - _t113;
                                                                                                                                                                                                    				if (_t65 == 0) goto 0x280086be;
                                                                                                                                                                                                    				asm("lock xadd [ecx], eax");
                                                                                                                                                                                                    				if (_t65 != 0) goto 0x280086be;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t78 + 0x60)) == _t113) goto 0x280086da;
                                                                                                                                                                                                    				asm("lock xadd [edx], ecx");
                                                                                                                                                                                                    				if (_t55 + _t55 != 0) goto 0x280086da;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x58)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x48)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x50)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x60)) = _t113;
                                                                                                                                                                                                    				return _t55 + _t55;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ExceptionFilterProcessUnhandled_errno$CaptureContextCurrentDebuggerErrorFreeHeapLastPresentSleepTerminatemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2327265721-0
                                                                                                                                                                                                    • Opcode ID: def5f98aa189ed1fb9de0a002abd7351bc365c7a9b586d71034df92824fd45d2
                                                                                                                                                                                                    • Instruction ID: aee9cf70a1e6f08bfbaabe33022bd533daa6e27140ffd409228a98820f8be108
                                                                                                                                                                                                    • Opcode Fuzzy Hash: def5f98aa189ed1fb9de0a002abd7351bc365c7a9b586d71034df92824fd45d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5051B132A05A8182EB30AF15EC1016DF395FB84B98F894136DE6D477D4DE3DD846CB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                                                                    			E00007FF77FF728008E74(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r9, signed int __r12, long long _a8, long long _a16, signed int* _a24, long long _a32) {
                                                                                                                                                                                                    				signed int* _v40;
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				signed int* _t75;
                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                    				intOrPtr _t96;
                                                                                                                                                                                                    				signed int* _t99;
                                                                                                                                                                                                    				signed int* _t102;
                                                                                                                                                                                                    				void* _t110;
                                                                                                                                                                                                    				intOrPtr _t111;
                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t110 = __r9;
                                                                                                                                                                                                    				_t108 = __r8;
                                                                                                                                                                                                    				_t104 = __rbp;
                                                                                                                                                                                                    				_t91 = __rdx;
                                                                                                                                                                                                    				_t81 = __rcx;
                                                                                                                                                                                                    				_t80 = __rbx;
                                                                                                                                                                                                    				_t75 = __rax;
                                                                                                                                                                                                    				_t64 = __esi;
                                                                                                                                                                                                    				_t63 = __edi;
                                                                                                                                                                                                    				_t50 = __ebx;
                                                                                                                                                                                                    				_a8 = __rsi;
                                                                                                                                                                                                    				_a16 = __rdi;
                                                                                                                                                                                                    				_a32 = __r12;
                                                                                                                                                                                                    				_t115 = __rdx;
                                                                                                                                                                                                    				r14d = __ecx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t65 = __ecx - 5;
                                                                                                                                                                                                    				if (__ecx - 5 <= 0) goto 0x28008ec1;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v56 = _v56 & __r12;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rbx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28009077;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(0, _t65, __rax);
                                                                                                                                                                                                    				_t102 = _t75;
                                                                                                                                                                                                    				_a24 = _t75;
                                                                                                                                                                                                    				E00007FF77FF72800819C(_t75);
                                                                                                                                                                                                    				_t102[0x32] = _t102[0x32] | 0x00000010;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t80, _t81, _t91, __rdi, _t102, _t104);
                                                                                                                                                                                                    				_t99 = _t75;
                                                                                                                                                                                                    				if (_t75 == 0) goto 0x2800906d;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				_t92 = _t102[0x30];
                                                                                                                                                                                                    				if (_t92 == 0) goto 0x28008f2b;
                                                                                                                                                                                                    				if (_t99 == _t92) goto 0x28008f2b;
                                                                                                                                                                                                    				r8d = 0x160;
                                                                                                                                                                                                    				_t36 = E00007FF77FF72800AE90(0xc, _t99 - _t92, _t99, _t92, _t108);
                                                                                                                                                                                                    				 *_t99 =  *_t99 & 0x00000000;
                                                                                                                                                                                                    				E00007FF77FF728008004(_t36, _t99, _t108);
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				_t109 = _t115;
                                                                                                                                                                                                    				E00007FF77FF728008C50(_t50, 0xc, r14d, _t99, _t92, _t115, _t110); // executed
                                                                                                                                                                                                    				_v40 = _t75;
                                                                                                                                                                                                    				if (_t75 == 0) goto 0x2800905f;
                                                                                                                                                                                                    				if (_t115 == 0) goto 0x28008f82;
                                                                                                                                                                                                    				E00007FF77FF72800BBE0(0xc, _t115, 0x28040a20);
                                                                                                                                                                                                    				_t56 =  *0x280430bc; // 0x0
                                                                                                                                                                                                    				r13d = 1;
                                                                                                                                                                                                    				_t57 =  !=  ? r13d : _t56;
                                                                                                                                                                                                    				 *0x280430bc =  !=  ? r13d : _t56;
                                                                                                                                                                                                    				goto 0x28008f88;
                                                                                                                                                                                                    				r13d = 1;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				_t11 =  &(_t102[0x30]); // 0xc0
                                                                                                                                                                                                    				E00007FF77FF72800809C(E00007FF77FF728008144(_t63, _t64, _t75, _t11, _t99, _t102), _t99, _t115);
                                                                                                                                                                                                    				if ((_t102[0x32] & 0x00000002) != 0) goto 0x28009053;
                                                                                                                                                                                                    				if (( *0x28040a10 & r13b) != 0) goto 0x28009053;
                                                                                                                                                                                                    				E00007FF77FF728008144(_t63, _t64, _t75, 0x28040b90, _t102[0x30], _t102);
                                                                                                                                                                                                    				_t96 =  *0x28040b90; // 0x1034b80
                                                                                                                                                                                                    				r8d = 0x18;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0xc,  *0x28040a10 & r13b, 0x28043ba0, _t96 + 0xc, _t115);
                                                                                                                                                                                                    				_t111 =  *0x28040b90; // 0x1034b80
                                                                                                                                                                                                    				 *0x28043bb8 =  *((intOrPtr*)(_t111 + 4));
                                                                                                                                                                                                    				 *0x28043bbc =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                    				 *0x28040b98 =  *((intOrPtr*)(_t111 + 0x108));
                                                                                                                                                                                                    				 *0x28041718 =  *((intOrPtr*)(_t111 + 0x158));
                                                                                                                                                                                                    				 *0x280401f8 =  *((intOrPtr*)(_t111 + 0x128));
                                                                                                                                                                                                    				 *0x28040440 =  *((intOrPtr*)(_t111 + 0x140));
                                                                                                                                                                                                    				 *0x28041720 =  *((intOrPtr*)(_t111 + 0x10c));
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				goto 0x2800906d;
                                                                                                                                                                                                    				E00007FF77FF72800809C( *((intOrPtr*)(_t111 + 0x10c)), _t99, _t109);
                                                                                                                                                                                                    				_t49 = E00007FF77FF728007E88(_t80, _t99, _t102, _t109);
                                                                                                                                                                                                    				_t102[0x32] = _t102[0x32] & 0xffffffef;
                                                                                                                                                                                                    				return _t49;
                                                                                                                                                                                                    			}




















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lock$DecodePointer_errno_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4201827665-0
                                                                                                                                                                                                    • Opcode ID: f69661139c2ccdaea8614eccadf113ca2f6b788d7e3362209dbcf903ea8732cd
                                                                                                                                                                                                    • Instruction ID: 26158333697a70b5bc404d22d7af554f2249a7adda708fd719a001a5d87ca73e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f69661139c2ccdaea8614eccadf113ca2f6b788d7e3362209dbcf903ea8732cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7514A31A09A4286F764BB21AC50BBAE295FF45784F944036DA6D477D2DE3EE4008F2C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 23%
                                                                                                                                                                                                    			E00007FF77FF72800BAD8(long* __rax, void* __rcx, void* __rdx, void* __rdi, void* __rsi) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				intOrPtr _t5;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				long _t8;
                                                                                                                                                                                                    				long* _t21;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				long* _t23;
                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t30 = __rsi;
                                                                                                                                                                                                    				_t29 = __rdi;
                                                                                                                                                                                                    				_t21 = __rax;
                                                                                                                                                                                                    				E00007FF77FF728005910(__rax); // executed
                                                                                                                                                                                                    				_t5 = E00007FF77FF72800FD50(_t22, __rdi, __rsi);
                                                                                                                                                                                                    				if (_t5 == 0) goto 0x2800bb4c;
                                                                                                                                                                                                    				__imp__FlsAlloc();
                                                                                                                                                                                                    				 *0x28040810 = _t5;
                                                                                                                                                                                                    				if (_t5 == 0xffffffff) goto 0x2800bb4c;
                                                                                                                                                                                                    				_t6 = E00007FF77FF72800A5E0(_t22, 0x7ff72800b960, __rdx, _t29, _t30, _t31);
                                                                                                                                                                                                    				_t23 = _t21;
                                                                                                                                                                                                    				if (_t21 == 0) goto 0x2800bb4c;
                                                                                                                                                                                                    				__imp__FlsSetValue();
                                                                                                                                                                                                    				if (_t6 == 0) goto 0x2800bb4c;
                                                                                                                                                                                                    				E00007FF77FF72800B804(_t23, _t23, _t21);
                                                                                                                                                                                                    				_t8 = GetCurrentThreadId();
                                                                                                                                                                                                    				_t23[2] = _t23[2] | 0xffffffff;
                                                                                                                                                                                                    				 *_t23 = _t8;
                                                                                                                                                                                                    				goto 0x2800bb53;
                                                                                                                                                                                                    				E00007FF77FF72800B7DC(_t23, _t23, _t21);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00007FF728005910: _initp_misc_winsig.LIBCMT ref: 00007FF728005949
                                                                                                                                                                                                      • Part of subcall function 00007FF728005910: EncodePointer.KERNEL32(?,?,00000000,00007FF72800BAE3,?,?,00000000,00007FF728004727), ref: 00007FF728005965
                                                                                                                                                                                                    • FlsAlloc.KERNEL32(?,?,00000000,00007FF728004727), ref: 00007FF72800BAF3
                                                                                                                                                                                                      • Part of subcall function 00007FF72800A5E0: Sleep.KERNEL32(?,?,?,00007FF72800B8EB,?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871), ref: 00007FF72800A625
                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,00000000,00007FF728004727), ref: 00007FF72800BB24
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FF72800BB38
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lock$AllocCurrentEncodePointerSleepThreadValue_initp_misc_winsig
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 54287522-0
                                                                                                                                                                                                    • Opcode ID: de95eaae2b1d1c57757afb457a2a3e14f08f94a5831e49998ee3f3ac3efbfa47
                                                                                                                                                                                                    • Instruction ID: 65b887fba186a671d8e1c6d62f09d13329fb1d67788815ae0ea72964caa99958
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de95eaae2b1d1c57757afb457a2a3e14f08f94a5831e49998ee3f3ac3efbfa47
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8014F20E0A60746FB747B719C54678E291EF44760F884736C43D852E6FEAEA4818F39
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF77FF728014664(void* __eax, long long __rbx, signed long long __rcx, signed long long __rdx, void* __rsi, void* __rbp, intOrPtr* __r8, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                                                                    				intOrPtr* _t36;
                                                                                                                                                                                                    				signed long long _t38;
                                                                                                                                                                                                    				signed long long _t42;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __rdx;
                                                                                                                                                                                                    				_t38 = __rcx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t36 = __r8;
                                                                                                                                                                                                    				_t42 = __rdx;
                                                                                                                                                                                                    				if (__rcx == 0) goto 0x280146ab;
                                                                                                                                                                                                    				_t2 = _t41 - 0x20; // -32
                                                                                                                                                                                                    				_t34 = _t2;
                                                                                                                                                                                                    				if (_t34 - __rdx >= 0) goto 0x280146ab;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t34);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t34 = 0xc;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t34, __r8, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28014708;
                                                                                                                                                                                                    				_t44 =  ==  ? _t34 : _t42 * _t38;
                                                                                                                                                                                                    				if (( ==  ? _t34 : _t42 * _t38) - 0xffffffe0 > 0) goto 0x280146db;
                                                                                                                                                                                                    				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                                                                    				if (_t34 != 0) goto 0x28014708;
                                                                                                                                                                                                    				if ( *0x28043b98 == 0) goto 0x280146fd;
                                                                                                                                                                                                    				_t19 = E00007FF77FF72800BC98(_t34,  ==  ? _t34 : _t42 * _t38);
                                                                                                                                                                                                    				if (_t19 != 0) goto 0x280146bb;
                                                                                                                                                                                                    				if (_t36 == 0) goto 0x280146a7;
                                                                                                                                                                                                    				 *_t36 = 0xc;
                                                                                                                                                                                                    				goto 0x280146a7;
                                                                                                                                                                                                    				if (_t36 == 0) goto 0x28014708;
                                                                                                                                                                                                    				 *_t36 = 0xc;
                                                                                                                                                                                                    				return _t19;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.LIBCMT ref: 00007FF728014687
                                                                                                                                                                                                      • Part of subcall function 00007FF728004430: DecodePointer.KERNEL32 ref: 00007FF728004457
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,?,?,?,00000000,00007FF72800A613,?,?,?,00007FF72800B8EB,?,?,?,00007FF7280078B5), ref: 00007FF7280146D0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateDecodeHeapPointer_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 15861996-0
                                                                                                                                                                                                    • Opcode ID: b0e852ac2ae4dd9ee59b8914b12bc75567783781675997a08f6f7f30866a8375
                                                                                                                                                                                                    • Instruction ID: 81fd93e419bcf298b9eeedc34dd7d8bfd715d99cd60ad1d4db8830b8f0b301f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0e852ac2ae4dd9ee59b8914b12bc75567783781675997a08f6f7f30866a8375
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E112E21B0DA0241FB306B10DE04735E2D2DF417B8F98D632CE1D07AE4EE3E90404E29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                                                                    			E00007FF77FF72802B620(void* __ebx, long long __rax, void* __rcx, void* __rsi, void* __rbp, void* __r10) {
                                                                                                                                                                                                    				long long _v24;
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				short _v48;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long _t12;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long long _t26;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t26 = __rax;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x18)) - 3 < 0) goto 0x2802b6a6;
                                                                                                                                                                                                    				_t33 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF72802B410(__ebx, _t19, _t20,  *((long long*)(__rcx + 0x18)) - 3, _t27,  &_v56, __rcx, __rbp, _t36, __r10);
                                                                                                                                                                                                    				if ( *((long long*)(_t26 + 0x20)) - 8 < 0) goto 0x2802b647;
                                                                                                                                                                                                    				goto 0x2802b64b;
                                                                                                                                                                                                    				_t12 = GetFileAttributesW(??); // executed
                                                                                                                                                                                                    				if (_v24 - 8 < 0) goto 0x2802b665;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t26, _t27, _v48, _t33, __rsi, _t36, _t37);
                                                                                                                                                                                                    				_v24 = 7;
                                                                                                                                                                                                    				_v32 = _t26;
                                                                                                                                                                                                    				_v48 = 0;
                                                                                                                                                                                                    				if (_t12 != 0xffffffff) goto 0x2802b692;
                                                                                                                                                                                                    				if (GetLastError() != 0x20) goto 0x2802b6a6;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1799206407-0
                                                                                                                                                                                                    • Opcode ID: 8bc7ac336bc4565f4dd3e229d3f68aa04ac1717867004368b237860524ec1113
                                                                                                                                                                                                    • Instruction ID: 93f31ea5504ddde46f357097976520cf3ad1562831c3ca8e56363a3b6cf5576d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bc7ac336bc4565f4dd3e229d3f68aa04ac1717867004368b237860524ec1113
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B301D222D18941C3EF30A730DC98778E361EB80714F940232C25D962E4CF7ED9D48B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF77FF72800C6C8(void* __edi, void* __ebp, intOrPtr* __rax, long long __rbx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				intOrPtr* _t24;
                                                                                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                                                                                    				long long _t27;
                                                                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rbx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				GetEnvironmentStringsW(); // executed
                                                                                                                                                                                                    				_t34 = __rax;
                                                                                                                                                                                                    				if (__rax != __rbx) goto 0x2800c6f0;
                                                                                                                                                                                                    				goto 0x2800c73c;
                                                                                                                                                                                                    				if ( *__rax == 0) goto 0x2800c707;
                                                                                                                                                                                                    				_t24 = __rax + 2;
                                                                                                                                                                                                    				if ( *_t24 != 0) goto 0x2800c6f5;
                                                                                                                                                                                                    				_t25 = _t24 + 2;
                                                                                                                                                                                                    				if ( *_t25 != 0) goto 0x2800c6f5;
                                                                                                                                                                                                    				_t39 = 0 - __edi + 2;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t25, __rbx, 0 - __edi + 2, __rsi, 0 - __edi + 2); // executed
                                                                                                                                                                                                    				if (_t25 == _t27) goto 0x2800c730;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(_t15, _t25 - _t27, _t25, _t34, _t39);
                                                                                                                                                                                                    				return FreeEnvironmentStringsW(??);
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNELBASE(?,?,00000001,00007FF728004777), ref: 00007FF72800C6DC
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,00000001,00007FF728004777), ref: 00007FF72800C733
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3328510275-0
                                                                                                                                                                                                    • Opcode ID: e9e2d5b3a4917f75dcd00ab3f1514e9b6828666610862c6d897de6f71c12553c
                                                                                                                                                                                                    • Instruction ID: f93793c9ad30d42d55467415fe7a1d7ef8a38c2048f1d59e548db2fcffd6c69d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9e2d5b3a4917f75dcd00ab3f1514e9b6828666610862c6d897de6f71c12553c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C018F12F0938285EE70BF62BD4503AE2A0EF44FC0B884432DB5E137D6DE2DE5958B24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00007FF77FF728005910(long long __rax) {
                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				E00007FF77FF72800B7B0(); // executed
                                                                                                                                                                                                    				_t10 = E00007FF77FF72801016C(E00007FF77FF72801A280(E00007FF77FF728010188(E00007FF77FF728010428(E00007FF77FF72800FD2C(E00007FF77FF728004300(E00007FF77FF728010430(E00007FF77FF72800BC90(_t2, __rax), __rax), __rax), __rax), __rax), __rax)), __rax);
                                                                                                                                                                                                    				0x2800b7a8();
                                                                                                                                                                                                    				 *0x28040200 = __rax;
                                                                                                                                                                                                    				return _t10;
                                                                                                                                                                                                    			}






                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _initp_misc_winsig.LIBCMT ref: 00007FF728005949
                                                                                                                                                                                                      • Part of subcall function 00007FF72801016C: EncodePointer.KERNEL32(?,?,?,?,00007FF72800595E,?,?,00000000,00007FF72800BAE3,?,?,00000000,00007FF728004727), ref: 00007FF728010177
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,00000000,00007FF72800BAE3,?,?,00000000,00007FF728004727), ref: 00007FF728005965
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodePointer$_initp_misc_winsig
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 190222155-0
                                                                                                                                                                                                    • Opcode ID: 74bf83648d0d11f1f7dce34e57aca7fdbc386c1892a025d5a760b0d6547989f4
                                                                                                                                                                                                    • Instruction ID: b658a4e1bb59cdc904d9775d551fac983471893914c0f197bd10949b34629902
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74bf83648d0d11f1f7dce34e57aca7fdbc386c1892a025d5a760b0d6547989f4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3EF0AC00E9920740F868B7627C624BDD250CF86750FC83033E86F2A3C3ED2EA0514BB8
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$CreateInformation
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1774340351-0
                                                                                                                                                                                                    • Opcode ID: a0f4fcd3cb0a49994bd9f38eb5e0d86323c9ca9cc061fcc2852eb2b41b563da2
                                                                                                                                                                                                    • Instruction ID: 18294803798447b0da15e27dfa791226ed0b14f7856b93f59699f95604f91c51
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0f4fcd3cb0a49994bd9f38eb5e0d86323c9ca9cc061fcc2852eb2b41b563da2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBE09AB4F26B8182E7A8AB21EC09B26E290EF88340FC0503AEA4D42794DF3DC0448F10
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF72800C308(signed int __eax, void* __ecx, long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                    				signed long long _t46;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				long long _t51;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				signed long long _t72;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t67 = __rsi;
                                                                                                                                                                                                    				_t63 = __rdi;
                                                                                                                                                                                                    				_t61 = __rdx;
                                                                                                                                                                                                    				_t46 = _t72;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x10)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t49 =  *0x28043058; // 0x0
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				if (_t49 != _t77) goto 0x2800c350;
                                                                                                                                                                                                    				goto 0x2800c40b;
                                                                                                                                                                                                    				if ((__eax | 0xffffffff) == 0x3d) goto 0x2800c343;
                                                                                                                                                                                                    				E00007FF77FF72800FD34(__eax | 0xffffffff, _t49);
                                                                                                                                                                                                    				if (( *(_t49 + 2 + _t46 * 2) & 0x0000ffff) != r12w) goto 0x2800c33b;
                                                                                                                                                                                                    				_t8 = _t63 + 1; // 0x1
                                                                                                                                                                                                    				_t22 = E00007FF77FF72800A5E0(_t49 + 2 + _t46 * 2, _t8, __rdx, __rdi, __rsi, __rbp);
                                                                                                                                                                                                    				_t64 = _t46;
                                                                                                                                                                                                    				 *0x28043090 = _t46;
                                                                                                                                                                                                    				if (_t46 == _t77) goto 0x2800c333;
                                                                                                                                                                                                    				_t51 =  *0x28043058; // 0x0
                                                                                                                                                                                                    				if ( *_t51 == r12w) goto 0x2800c3ed;
                                                                                                                                                                                                    				E00007FF77FF72800FD34(_t22, _t51);
                                                                                                                                                                                                    				_t9 = _t46 + 1; // 0x1
                                                                                                                                                                                                    				_t35 = _t9;
                                                                                                                                                                                                    				if ( *_t51 == 0x3d) goto 0x2800c3d9;
                                                                                                                                                                                                    				_t70 = _t35;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t51, _t35, _t61, _t64, _t67, _t35); // executed
                                                                                                                                                                                                    				 *_t64 = _t46;
                                                                                                                                                                                                    				if (_t46 == _t77) goto 0x2800c426;
                                                                                                                                                                                                    				if (E00007FF77FF728005EE0(_t46, _t51, _t46, _t70, _t51) == r12d) goto 0x2800c3d5;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v24 = _t77;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t51 + _t35 * 2)) != r12w) goto 0x2800c385;
                                                                                                                                                                                                    				free(_t77);
                                                                                                                                                                                                    				 *0x28043058 = _t77;
                                                                                                                                                                                                    				 *(_t64 + 8) = _t77;
                                                                                                                                                                                                    				 *0x28049c04 = 1;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}













                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: c1d1efebb4359f288f5ab5fbc08614582816a885133ec421e98c48bdfdb18eab
                                                                                                                                                                                                    • Instruction ID: 76e91a1cfaf0761922e99aed57117c54385c25e94776ada1257dd658b46af657
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1d1efebb4359f288f5ab5fbc08614582816a885133ec421e98c48bdfdb18eab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9316D22A5864280F634BB21AC12279F3A1FB44B80FCD4533DA5D477D6CE7EE455DB18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF72800A593
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _FF_MSGBANNER.LIBCMT ref: 00007FF7280048E0
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF72800A598,?,?,00000000,00007FF72800FED9,?,?,?,00007FF72800FF83), ref: 00007FF728004905
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _errno.LIBCMT ref: 00007FF728004929
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _errno.LIBCMT ref: 00007FF728004934
                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,00000000,00007FF72800FED9,?,?,?,00007FF72800FF83), ref: 00007FF72800A5AA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$AllocateHeapSleepmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4275769124-0
                                                                                                                                                                                                    • Opcode ID: bd13dfa245dfbbdecbc5965e138b5fdfee0d4ec3a6d1675b05ac1045423cc446
                                                                                                                                                                                                    • Instruction ID: 61a36d0a859a2b360e77116e0c9423e42876765d6946a79e6c5866083f3dc3df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd13dfa245dfbbdecbc5965e138b5fdfee0d4ec3a6d1675b05ac1045423cc446
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1F0CD31A0874585E5256F12BC4002EF291FB84750F880235EA6D077C5CF3DE8518B44
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,00000001,00007FF7280056CF,?,?,00000001,00007FF7280047AB), ref: 00007FF72801003D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2118026453-0
                                                                                                                                                                                                    • Opcode ID: bfac969eb8d0f6839c0f34c126e53fdce9e834d7b244de2d6ab758f89b9f9e62
                                                                                                                                                                                                    • Instruction ID: c6b508d427a6b1a9e35977afd9affbae30be6f6efd5333b277f7aaaba37e4095
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfac969eb8d0f6839c0f34c126e53fdce9e834d7b244de2d6ab758f89b9f9e62
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63D02B32F6454181DB115B20FC5016CE3A4EBC5BD4FD88032DA5C07685DD3DC892CB15
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E00007FF77FF72800A5E0(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long long _t29;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t29 = __rdi;
                                                                                                                                                                                                    				_t20 = _t37;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x10)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x20)) = __rdi;
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t11 = E00007FF77FF728014664(_t10, __rbx, __rcx, __rdx, __rdx, __rcx, _t40); // executed
                                                                                                                                                                                                    				if (_t20 != 0) goto 0x2800a645;
                                                                                                                                                                                                    				_t17 =  *0x280430c0 - _t11; // 0x0
                                                                                                                                                                                                    				if (_t17 <= 0) goto 0x2800a645;
                                                                                                                                                                                                    				Sleep(_t41);
                                                                                                                                                                                                    				_t5 = _t29 + 0x3e8; // 0x3e8
                                                                                                                                                                                                    				r11d = _t5;
                                                                                                                                                                                                    				_t15 =  >  ? r12d : r11d;
                                                                                                                                                                                                    				_t19 = ( >  ? r12d : r11d) - r12d;
                                                                                                                                                                                                    				if (( >  ? r12d : r11d) != r12d) goto 0x2800a605;
                                                                                                                                                                                                    				return _t11;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,?,00007FF72800B8EB,?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871), ref: 00007FF72800A625
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1068366078-0
                                                                                                                                                                                                    • Opcode ID: e0c6aa7e01e015a0de39a721ee99d897d7ef22429643003cfd3a104248ad44f7
                                                                                                                                                                                                    • Instruction ID: cc8f193ee6b98fe5a6386642f9279768f74e9a35acacd0c2da263ada700f8b02
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0c6aa7e01e015a0de39a721ee99d897d7ef22429643003cfd3a104248ad44f7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3016722A14B8186EA65AF169C50529F661FB88FD0B495232DE5D077D1CF3DE851CB08
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF77FF728018D70(void* __ebx, long long __rbx, long long __rcx, void* __rdx, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				intOrPtr _t137;
                                                                                                                                                                                                    				char _t156;
                                                                                                                                                                                                    				intOrPtr _t158;
                                                                                                                                                                                                    				intOrPtr* _t165;
                                                                                                                                                                                                    				long long _t174;
                                                                                                                                                                                                    				intOrPtr* _t180;
                                                                                                                                                                                                    				intOrPtr* _t183;
                                                                                                                                                                                                    				intOrPtr _t184;
                                                                                                                                                                                                    				intOrPtr* _t185;
                                                                                                                                                                                                    				intOrPtr* _t189;
                                                                                                                                                                                                    				intOrPtr* _t190;
                                                                                                                                                                                                    				intOrPtr _t202;
                                                                                                                                                                                                    				long long _t209;
                                                                                                                                                                                                    				intOrPtr _t213;
                                                                                                                                                                                                    				void* _t214;
                                                                                                                                                                                                    				void* _t216;
                                                                                                                                                                                                    				intOrPtr* _t217;
                                                                                                                                                                                                    				intOrPtr _t219;
                                                                                                                                                                                                    				intOrPtr _t222;
                                                                                                                                                                                                    				intOrPtr* _t223;
                                                                                                                                                                                                    				long long _t224;
                                                                                                                                                                                                    				void* _t226;
                                                                                                                                                                                                    				intOrPtr* _t229;
                                                                                                                                                                                                    				intOrPtr _t230;
                                                                                                                                                                                                    				void* _t232;
                                                                                                                                                                                                    				intOrPtr* _t236;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				void* _t240;
                                                                                                                                                                                                    				void* _t255;
                                                                                                                                                                                                    				intOrPtr _t256;
                                                                                                                                                                                                    				intOrPtr _t258;
                                                                                                                                                                                                    				void* _t260;
                                                                                                                                                                                                    				void* _t264;
                                                                                                                                                                                                    				intOrPtr* _t266;
                                                                                                                                                                                                    				intOrPtr* _t268;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    				intOrPtr _t271;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t244 = __r9;
                                                                                                                                                                                                    				_t242 = __r8;
                                                                                                                                                                                                    				_t214 = __rdx;
                                                                                                                                                                                                    				_t122 = __ebx;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 8)) = __rcx;
                                                                                                                                                                                                    				_t240 = _t239 - 0x90;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x20)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xe8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(__rcx)) = 0x28033d10;
                                                                                                                                                                                                    				_t217 =  *((intOrPtr*)(__rcx + 0x80));
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)(__rcx + 0x88)) <= 0) goto 0x28018dba;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t183 =  *((intOrPtr*)(__rcx + 0x68));
                                                                                                                                                                                                    				_t256 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x80)) - _t256 <= 0) goto 0x28018dd3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t183 == 0) goto 0x28018de1;
                                                                                                                                                                                                    				if (_t183 ==  *((intOrPtr*)(__rcx + 0x68))) goto 0x28018de6;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t217 == _t256) goto 0x28018eb1;
                                                                                                                                                                                                    				if (_t183 != 0) goto 0x28018dfe;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018e01;
                                                                                                                                                                                                    				_t135 = _t217 -  *((intOrPtr*)( *_t183 + 0x20));
                                                                                                                                                                                                    				if (_t135 < 0) goto 0x28018e0c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				asm("lock xadd [esi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t135 < 0) goto 0x28018e66;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0x28018e66;
                                                                                                                                                                                                    				asm("lock bts dword [esi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0x28018e66;
                                                                                                                                                                                                    				_t137 =  *((intOrPtr*)( *((intOrPtr*)(_t217 + 8)) + 8));
                                                                                                                                                                                                    				if (_t137 != 0) goto 0x28018e5d;
                                                                                                                                                                                                    				E00007FF77FF727FF3F90(0, 0, 0x28033d10,  *((intOrPtr*)(_t217 + 8)), __r9);
                                                                                                                                                                                                    				asm("lock dec esp");
                                                                                                                                                                                                    				if (_t137 == 0) goto 0x28018e5a;
                                                                                                                                                                                                    				CloseHandle(_t270);
                                                                                                                                                                                                    				goto 0x28018e5d;
                                                                                                                                                                                                    				SetEvent(_t264);
                                                                                                                                                                                                    				if (_t183 != 0) goto 0x28018e75;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018e78;
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)( *_t183 + 0x20)) < 0) goto 0x28018e83;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				E00007FF77FF728018BD0(_t122, 0, 0x28033d10, _t183,  *_t217, _t214,  *((intOrPtr*)(_t217 + 8)), 0x28033d10, __r8, __r9, _t260, _t255);
                                                                                                                                                                                                    				if (_t183 != 0) goto 0x28018e9a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018e9d;
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)( *_t183 + 0x20)) < 0) goto 0x28018ea8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x28018dd7;
                                                                                                                                                                                                    				_t266 =  *((intOrPtr*)(_t240 + 0xd0)) + 0x98;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xe0)) = _t266;
                                                                                                                                                                                                    				_t236 =  *((intOrPtr*)(_t266 + 0x18));
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)(_t266 + 0x20)) <= 0) goto 0x28018ed7;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t229 =  *_t266;
                                                                                                                                                                                                    				_t271 =  *((intOrPtr*)(_t266 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t266 + 0x18)) - _t271 <= 0) goto 0x28018ee9;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t229 == 0) goto 0x28018efa;
                                                                                                                                                                                                    				if (_t229 ==  *_t266) goto 0x28018eff;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t236 == _t271) goto 0x2801907f;
                                                                                                                                                                                                    				if (_t229 != 0) goto 0x28018f17;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018f1a;
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)( *_t229 + 0x20)) < 0) goto 0x28018f25;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t184 =  *_t236;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x28)) = _t184 + 0x30;
                                                                                                                                                                                                    				 *((char*)(_t240 + 0x30)) = 0;
                                                                                                                                                                                                    				E00007FF77FF7280189A0(0, 0, _t184 + 0x30, _t240 + 0x28, _t217 + 0x10, _t229, _t236, __r8, __r9);
                                                                                                                                                                                                    				 *((char*)(_t184 + 0x28)) = 1;
                                                                                                                                                                                                    				E00007FF77FF728018BD0(_t122, 0, _t184 + 0x30, _t184, _t184 + 0x40, _t214, _t229, _t236, __r8, __r9, _t216, _t226);
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x48)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0xb8))));
                                                                                                                                                                                                    				_t174 =  *((intOrPtr*)(_t184 + 0x90));
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x40)) = _t174;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_t185 =  *((intOrPtr*)(_t240 + 0x50));
                                                                                                                                                                                                    				_t219 =  *((intOrPtr*)(_t240 + 0x58));
                                                                                                                                                                                                    				if (_t185 == 0) goto 0x28018f9a;
                                                                                                                                                                                                    				if (_t185 == _t174) goto 0x28018f9f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t219 ==  *((intOrPtr*)(_t184 + 0xb8))) goto 0x28018fec;
                                                                                                                                                                                                    				if (_t185 != 0) goto 0x28018fb3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018fb6;
                                                                                                                                                                                                    				if (_t219 !=  *((intOrPtr*)( *_t185 + 0x28))) goto 0x28018fc1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				E00007FF77FF728018BD0(_t122, 0, _t174, _t185,  *((intOrPtr*)(_t219 + 0x10)), _t214, _t229, _t236, __r8, __r9);
                                                                                                                                                                                                    				if (_t185 != 0) goto 0x28018fd9;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018fdc;
                                                                                                                                                                                                    				if (_t219 !=  *((intOrPtr*)( *_t185 + 0x28))) goto 0x28018fe7;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x28018f90;
                                                                                                                                                                                                    				_t156 =  *((char*)(_t240 + 0x30));
                                                                                                                                                                                                    				if (_t156 == 0) goto 0x28019059;
                                                                                                                                                                                                    				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                    				asm("bt ecx, 0x1e");
                                                                                                                                                                                                    				if (_t156 < 0) goto 0x28019059;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0x28019059;
                                                                                                                                                                                                    				asm("lock bts dword [eax], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0x28019059;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)( *((intOrPtr*)(_t240 + 0x28)) + 8));
                                                                                                                                                                                                    				if (_t158 != 0) goto 0x28019050;
                                                                                                                                                                                                    				E00007FF77FF727FF3F90(0, 0,  *((intOrPtr*)(_t240 + 0x28)), _t229, __r9);
                                                                                                                                                                                                    				asm("lock dec esp");
                                                                                                                                                                                                    				if (_t158 == 0) goto 0x2801904d;
                                                                                                                                                                                                    				CloseHandle(_t232);
                                                                                                                                                                                                    				goto 0x28019050;
                                                                                                                                                                                                    				SetEvent(??);
                                                                                                                                                                                                    				if (_t229 != 0) goto 0x28019068;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x2801906b;
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)( *_t229 + 0x20)) < 0) goto 0x28019076;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x28018ef0;
                                                                                                                                                                                                    				_t258 =  *((intOrPtr*)(_t240 + 0xd0));
                                                                                                                                                                                                    				_t202 =  *((intOrPtr*)(_t258 + 0xc8));
                                                                                                                                                                                                    				_t268 =  *((intOrPtr*)(_t240 + 0xe0));
                                                                                                                                                                                                    				if (_t202 == 0) goto 0x280190a9;
                                                                                                                                                                                                    				if (_t202 == 0xffffffff) goto 0x280190a9;
                                                                                                                                                                                                    				CloseHandle(??);
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xd8)) = _t268;
                                                                                                                                                                                                    				_t222 =  *((intOrPtr*)(_t268 + 0x18));
                                                                                                                                                                                                    				if (_t222 == 0) goto 0x28019105;
                                                                                                                                                                                                    				_t230 =  *((intOrPtr*)(_t268 + 0x20));
                                                                                                                                                                                                    				if (_t222 == _t230) goto 0x280190fc;
                                                                                                                                                                                                    				_t223 = _t222 + 8;
                                                                                                                                                                                                    				_t189 =  *_t223;
                                                                                                                                                                                                    				_t165 = _t189;
                                                                                                                                                                                                    				if (_t165 == 0) goto 0x280190ef;
                                                                                                                                                                                                    				asm("lock add dword [ebx+0x8], 0xffffffff");
                                                                                                                                                                                                    				if (_t165 != 0) goto 0x280190ef;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t189 + 8))();
                                                                                                                                                                                                    				asm("lock add dword [ebx+0xc], 0xffffffff");
                                                                                                                                                                                                    				if (_t165 != 0) goto 0x280190ef;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t189 + 0x10))();
                                                                                                                                                                                                    				_t224 = _t223 + 0x10;
                                                                                                                                                                                                    				if (_t224 - 8 != _t230) goto 0x280190c7;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t224 - 8, _t189,  *((intOrPtr*)(_t268 + 0x18)), _t214, _t230, __r8, __r9);
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x18)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x20)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x28)) = _t224;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t224 - 8, _t189,  *_t268, _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t258 + 0x80)) == 0) goto 0x2801912e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t224 - 8, _t189,  *((intOrPtr*)(_t258 + 0x80)), _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x80)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x88)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x90)) = _t224;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t224 - 8, _t189,  *((intOrPtr*)(_t258 + 0x68)), _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				_t190 = _t258 + 0x28;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xd8)) = _t190;
                                                                                                                                                                                                    				_t64 = _t190 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				_t180 =  *_t64;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x58)) = _t180;
                                                                                                                                                                                                    				_t209 =  *_t190;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x50)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x48)) =  *_t180;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x40)) = _t209;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				E00007FF77FF727FF55C0(_t190, _t190, _t240 + 0x80, _t224, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				_t72 = _t190 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t180, _t190,  *_t72, _t240 + 0x80, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				 *((long long*)(_t190 + 0x30)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t190 + 0x38)) = _t224;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t180, _t190,  *_t190, _t240 + 0x80, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				_t213 =  *((intOrPtr*)(_t258 + 0x10));
                                                                                                                                                                                                    				if (_t213 == 0) goto 0x280191dc;
                                                                                                                                                                                                    				if (_t213 == 0xffffffff) goto 0x280191dc;
                                                                                                                                                                                                    				return CloseHandle(??);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff72801902d
                                                                                                                                                                                                    0x7ff728019037
                                                                                                                                                                                                    0x7ff728019040
                                                                                                                                                                                                    0x7ff728019045
                                                                                                                                                                                                    0x7ff72801904b
                                                                                                                                                                                                    0x7ff728019053
                                                                                                                                                                                                    0x7ff72801905c
                                                                                                                                                                                                    0x7ff72801905e
                                                                                                                                                                                                    0x7ff728019063
                                                                                                                                                                                                    0x7ff728019066
                                                                                                                                                                                                    0x7ff72801906f
                                                                                                                                                                                                    0x7ff728019071
                                                                                                                                                                                                    0x7ff72801907a
                                                                                                                                                                                                    0x7ff72801907f
                                                                                                                                                                                                    0x7ff728019087
                                                                                                                                                                                                    0x7ff728019092
                                                                                                                                                                                                    0x7ff72801909a
                                                                                                                                                                                                    0x7ff7280190a0
                                                                                                                                                                                                    0x7ff7280190a2
                                                                                                                                                                                                    0x7ff7280190a9
                                                                                                                                                                                                    0x7ff7280190b1
                                                                                                                                                                                                    0x7ff7280190b8
                                                                                                                                                                                                    0x7ff7280190ba
                                                                                                                                                                                                    0x7ff7280190c1
                                                                                                                                                                                                    0x7ff7280190c3
                                                                                                                                                                                                    0x7ff7280190c7
                                                                                                                                                                                                    0x7ff7280190ca
                                                                                                                                                                                                    0x7ff7280190cd
                                                                                                                                                                                                    0x7ff7280190cf
                                                                                                                                                                                                    0x7ff7280190d4
                                                                                                                                                                                                    0x7ff7280190dc
                                                                                                                                                                                                    0x7ff7280190df
                                                                                                                                                                                                    0x7ff7280190e4
                                                                                                                                                                                                    0x7ff7280190ec
                                                                                                                                                                                                    0x7ff7280190ef
                                                                                                                                                                                                    0x7ff7280190fa
                                                                                                                                                                                                    0x7ff728019100
                                                                                                                                                                                                    0x7ff728019107
                                                                                                                                                                                                    0x7ff72801910b
                                                                                                                                                                                                    0x7ff72801910f
                                                                                                                                                                                                    0x7ff728019116
                                                                                                                                                                                                    0x7ff728019127
                                                                                                                                                                                                    0x7ff728019129
                                                                                                                                                                                                    0x7ff72801912e
                                                                                                                                                                                                    0x7ff728019136
                                                                                                                                                                                                    0x7ff72801913e
                                                                                                                                                                                                    0x7ff72801914b
                                                                                                                                                                                                    0x7ff728019151
                                                                                                                                                                                                    0x7ff728019156
                                                                                                                                                                                                    0x7ff72801915e
                                                                                                                                                                                                    0x7ff72801915e
                                                                                                                                                                                                    0x7ff728019162
                                                                                                                                                                                                    0x7ff728019167
                                                                                                                                                                                                    0x7ff72801916a
                                                                                                                                                                                                    0x7ff728019172
                                                                                                                                                                                                    0x7ff728019177
                                                                                                                                                                                                    0x7ff72801917c
                                                                                                                                                                                                    0x7ff728019181
                                                                                                                                                                                                    0x7ff728019187
                                                                                                                                                                                                    0x7ff72801918c
                                                                                                                                                                                                    0x7ff7280191a7
                                                                                                                                                                                                    0x7ff7280191ac
                                                                                                                                                                                                    0x7ff7280191b0
                                                                                                                                                                                                    0x7ff7280191b5
                                                                                                                                                                                                    0x7ff7280191b9
                                                                                                                                                                                                    0x7ff7280191c0
                                                                                                                                                                                                    0x7ff7280191c6
                                                                                                                                                                                                    0x7ff7280191ce
                                                                                                                                                                                                    0x7ff7280191d4
                                                                                                                                                                                                    0x7ff7280191f6

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseHandle$Event
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2169016680-0
                                                                                                                                                                                                    • Opcode ID: ccb0c04af5b048eba43420b57f02c5b60818a04f1f3508e1cd6e1abe130cdd7e
                                                                                                                                                                                                    • Instruction ID: 65bd7a25d36684c0fb2d12790bd60b022bdf98e162f01f1e73f388703486a08b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccb0c04af5b048eba43420b57f02c5b60818a04f1f3508e1cd6e1abe130cdd7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65D1C222A08A4281EA70BB21DC0437DE3A5FF41B64FC59133DA6D176D5EF3EE5418B68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF77FF728010EF0(void* __ebx, signed long long __ecx, signed int __esi, void* __rax, long long __rbx, void* __rcx, char* __rdx, void* __r8, void* __r11) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				int _t188;
                                                                                                                                                                                                    				int _t193;
                                                                                                                                                                                                    				signed int _t196;
                                                                                                                                                                                                    				char _t207;
                                                                                                                                                                                                    				signed int _t214;
                                                                                                                                                                                                    				signed int _t220;
                                                                                                                                                                                                    				int _t224;
                                                                                                                                                                                                    				long _t228;
                                                                                                                                                                                                    				void* _t234;
                                                                                                                                                                                                    				signed int _t236;
                                                                                                                                                                                                    				signed int _t237;
                                                                                                                                                                                                    				char _t250;
                                                                                                                                                                                                    				signed int _t283;
                                                                                                                                                                                                    				void* _t285;
                                                                                                                                                                                                    				signed int _t288;
                                                                                                                                                                                                    				signed int _t290;
                                                                                                                                                                                                    				signed long long _t360;
                                                                                                                                                                                                    				signed long long _t361;
                                                                                                                                                                                                    				intOrPtr _t364;
                                                                                                                                                                                                    				signed int* _t371;
                                                                                                                                                                                                    				signed int* _t386;
                                                                                                                                                                                                    				signed long long _t388;
                                                                                                                                                                                                    				intOrPtr* _t389;
                                                                                                                                                                                                    				void* _t390;
                                                                                                                                                                                                    				signed short* _t391;
                                                                                                                                                                                                    				signed long long _t392;
                                                                                                                                                                                                    				intOrPtr _t395;
                                                                                                                                                                                                    				intOrPtr _t408;
                                                                                                                                                                                                    				intOrPtr* _t417;
                                                                                                                                                                                                    				char* _t427;
                                                                                                                                                                                                    				intOrPtr _t430;
                                                                                                                                                                                                    				int _t442;
                                                                                                                                                                                                    				short* _t444;
                                                                                                                                                                                                    				char* _t445;
                                                                                                                                                                                                    				char* _t446;
                                                                                                                                                                                                    				short* _t449;
                                                                                                                                                                                                    				signed int* _t450;
                                                                                                                                                                                                    				int _t454;
                                                                                                                                                                                                    				intOrPtr* _t456;
                                                                                                                                                                                                    				signed short* _t457;
                                                                                                                                                                                                    				void* _t461;
                                                                                                                                                                                                    				signed long long _t462;
                                                                                                                                                                                                    				void* _t467;
                                                                                                                                                                                                    				void* _t474;
                                                                                                                                                                                                    				int _t476;
                                                                                                                                                                                                    				char* _t477;
                                                                                                                                                                                                    				void* _t479;
                                                                                                                                                                                                    				void* _t481;
                                                                                                                                                                                                    				signed long long _t483;
                                                                                                                                                                                                    				signed long long _t485;
                                                                                                                                                                                                    				void* _t489;
                                                                                                                                                                                                    				signed long long _t491;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t475 = __r11;
                                                                                                                                                                                                    				_t464 = __r8;
                                                                                                                                                                                                    				_t427 = __rdx;
                                                                                                                                                                                                    				_t283 = __esi;
                                                                                                                                                                                                    				_t234 = __ebx;
                                                                                                                                                                                                    				 *((long long*)(_t461 + 0x20)) = __rbx;
                                                                                                                                                                                                    				E00007FF77FF72802C0A0(0x1b30, __rax, _t474, __r11);
                                                                                                                                                                                                    				_t462 = _t461 - __rax;
                                                                                                                                                                                                    				_t360 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t361 = _t360 ^ _t462;
                                                                                                                                                                                                    				 *(_t462 + 0x1b20) = _t361;
                                                                                                                                                                                                    				r13d = r8d;
                                                                                                                                                                                                    				_t477 = __rdx;
                                                                                                                                                                                                    				_t388 = __ecx;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = 0;
                                                                                                                                                                                                    				if (r8d != 0) goto 0x28010f3c;
                                                                                                                                                                                                    				goto 0x28011623;
                                                                                                                                                                                                    				if (__rdx != 0) goto 0x28010f6f;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t361);
                                                                                                                                                                                                    				 *_t361 =  *_t361 & 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t361);
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t361 = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t361, __ecx, __rcx, __rdx, _t444, _t454, __r8, _t489, _t481);
                                                                                                                                                                                                    				goto 0x28011623;
                                                                                                                                                                                                    				_t483 = _t388 >> 5;
                                                                                                                                                                                                    				r15d = r15d & 0x0000001f;
                                                                                                                                                                                                    				_t395 =  *((intOrPtr*)(0x280489e0 + _t483 * 8));
                                                                                                                                                                                                    				 *(_t462 + 0x50) = _t483;
                                                                                                                                                                                                    				_t491 = _t388 * 0x58;
                                                                                                                                                                                                    				sil =  *(_t491 + _t395 + 0x38);
                                                                                                                                                                                                    				sil = sil + sil;
                                                                                                                                                                                                    				sil = sil >> 1;
                                                                                                                                                                                                    				if (sil == 2) goto 0x28010fa8;
                                                                                                                                                                                                    				if (sil != 1) goto 0x28010fb1;
                                                                                                                                                                                                    				if (( !r13d & 0x00000001) == 0) goto 0x28010f41;
                                                                                                                                                                                                    				if (( *(_t491 + _t395 + 8) & 0x00000020) == 0) goto 0x28010fc6;
                                                                                                                                                                                                    				_t17 = _t427 + 2; // 0x2
                                                                                                                                                                                                    				r8d = _t17;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t234, _t234, 0x280489e0, _t388, _t427);
                                                                                                                                                                                                    				if (E00007FF77FF728014F44(_t234, 0x280489e0, _t388, _t444, _t454, _t464) == 0) goto 0x280112c6;
                                                                                                                                                                                                    				_t364 =  *((intOrPtr*)(0x280489e0 + _t483 * 8));
                                                                                                                                                                                                    				if (( *(_t491 + 0x7ff7280489e8) & 0x00000080) == 0) goto 0x280112c6;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t234,  *(_t491 + 0x7ff7280489e8) & 0x00000080, _t364);
                                                                                                                                                                                                    				_t236 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t364 + 0xc0)) + 0x14)) == 0x00000000;
                                                                                                                                                                                                    				if (GetConsoleMode(_t479) == 0) goto 0x280112c6;
                                                                                                                                                                                                    				if (_t236 == 0) goto 0x2801102f;
                                                                                                                                                                                                    				if (sil == 0) goto 0x280112c6;
                                                                                                                                                                                                    				_t188 = GetConsoleCP();
                                                                                                                                                                                                    				 *(_t462 + 0x4c) =  *(_t462 + 0x4c) & 0;
                                                                                                                                                                                                    				_t389 = _t477;
                                                                                                                                                                                                    				 *(_t462 + 0x58) = _t188;
                                                                                                                                                                                                    				if (r13d == 0) goto 0x280112c0;
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x58);
                                                                                                                                                                                                    				if (sil != 0) goto 0x280111df;
                                                                                                                                                                                                    				_t250 =  *_t389;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t430 =  *((intOrPtr*)(0x280489e0 +  *(_t462 + 0x50) * 8));
                                                                                                                                                                                                    				r14b = _t250 == 0xa;
                                                                                                                                                                                                    				if ( *(_t491 + _t430 + 0x50) == 0) goto 0x280110a1;
                                                                                                                                                                                                    				 *((char*)(_t462 + 0x5d)) = _t250;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				 *((char*)(_t462 + 0x5c)) =  *((intOrPtr*)(_t491 + _t430 + 0x4c));
                                                                                                                                                                                                    				 *(_t491 + _t430 + 0x50) =  *(_t491 + _t430 + 0x50) & 0x00000000;
                                                                                                                                                                                                    				goto 0x280110ea;
                                                                                                                                                                                                    				if (E00007FF77FF72800FA14(_t250,  *(_t491 + _t430 + 0x50), 0x280489e0, _t475) == 0) goto 0x280110e1;
                                                                                                                                                                                                    				if (_t479 - _t389 + _t477 - 1 <= 0) goto 0x2801128f;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				if (E00007FF77FF72801554C(0, _t479 - _t389 + _t477 - 1, _t389, _t462 + 0x44, _t444, _t467) == 0xffffffff) goto 0x28011252;
                                                                                                                                                                                                    				_t390 = _t389 + 1;
                                                                                                                                                                                                    				goto 0x280110fd;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				if (E00007FF77FF72801554C(0, E00007FF77FF72801554C(0, _t479 - _t389 + _t477 - 1, _t389, _t462 + 0x44, _t444, _t467) - 0xffffffff, _t390, _t462 + 0x44, _t444, _t467) == 0xffffffff) goto 0x28011252;
                                                                                                                                                                                                    				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
                                                                                                                                                                                                    				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				r9d = 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x28)) = 5;
                                                                                                                                                                                                    				_t391 = _t390 + 1;
                                                                                                                                                                                                    				 *(_t462 + 0x20) = _t462 + 0x5c;
                                                                                                                                                                                                    				_t193 = WideCharToMultiByte(_t476, _t442, _t444, _t454);
                                                                                                                                                                                                    				_t288 = _t193;
                                                                                                                                                                                                    				if (_t193 == 0) goto 0x28011252;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r8d = _t288;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x280112b6;
                                                                                                                                                                                                    				if ( *(_t462 + 0x4c) - _t288 < 0) goto 0x28011252;
                                                                                                                                                                                                    				if (r14d == 0) goto 0x28011244;
                                                                                                                                                                                                    				_t371 =  *(_t462 + 0x50);
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x5c)) = bpl;
                                                                                                                                                                                                    				r8d = 0x7ff7280489d4;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x280112b6;
                                                                                                                                                                                                    				if ( *(_t462 + 0x4c) - 1 < 0) goto 0x28011252;
                                                                                                                                                                                                    				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
                                                                                                                                                                                                    				goto 0x28011244;
                                                                                                                                                                                                    				if (sil == 1) goto 0x280111eb;
                                                                                                                                                                                                    				if (sil != 2) goto 0x28011202;
                                                                                                                                                                                                    				_t196 =  *_t391 & 0x0000ffff;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				 *(_t462 + 0x44) = _t196;
                                                                                                                                                                                                    				r14b = _t196 == 0xa;
                                                                                                                                                                                                    				_t392 =  &(_t391[1]);
                                                                                                                                                                                                    				if (sil == 1) goto 0x2801120e;
                                                                                                                                                                                                    				if (sil != 2) goto 0x28011244;
                                                                                                                                                                                                    				if (E00007FF77FF728015A0C( *(_t462 + 0x44) & 0x0000ffff) !=  *(_t462 + 0x44)) goto 0x280112b6;
                                                                                                                                                                                                    				if (r14d == 0) goto 0x28011244;
                                                                                                                                                                                                    				 *(_t462 + 0x44) = 0xd;
                                                                                                                                                                                                    				if (E00007FF77FF728015A0C(0xd) !=  *(_t462 + 0x44)) goto 0x280112b6;
                                                                                                                                                                                                    				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
                                                                                                                                                                                                    				if (_t236 - r12d - r13d < 0) goto 0x28011053;
                                                                                                                                                                                                    				_t237 =  *(_t462 + 0x4c);
                                                                                                                                                                                                    				_t290 =  *(_t462 + 0x40);
                                                                                                                                                                                                    				if (_t236 - r12d +  *(_t462 + 0x40) + 4 != 0) goto 0x2801161f;
                                                                                                                                                                                                    				if (_t237 == 0) goto 0x280115e9;
                                                                                                                                                                                                    				if (_t237 != 5) goto 0x280115dd;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t371);
                                                                                                                                                                                                    				 *_t371 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t371);
                                                                                                                                                                                                    				 *_t371 = _t237;
                                                                                                                                                                                                    				goto 0x28010f67;
                                                                                                                                                                                                    				_t485 =  *(_t462 + 0x50);
                                                                                                                                                                                                    				 *((char*)(_t491 +  *((intOrPtr*)(0x280489e0 + _t485 * 8)) + 0x4c)) =  *_t392;
                                                                                                                                                                                                    				 *(_t491 +  *((intOrPtr*)(0x280489e0 + _t485 * 8)) + 0x50) = 1;
                                                                                                                                                                                                    				goto 0x2801125b;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0x28011256;
                                                                                                                                                                                                    				goto 0x28011267;
                                                                                                                                                                                                    				_t408 =  *((intOrPtr*)(0x280489e0 + _t485 * 8));
                                                                                                                                                                                                    				if (( *(_t491 + _t408 + 8) & 0x00000080) == 0) goto 0x280115a7;
                                                                                                                                                                                                    				_t456 = _t477;
                                                                                                                                                                                                    				if (sil != 0) goto 0x280113bb;
                                                                                                                                                                                                    				if (r13d == 0) goto 0x280115f0;
                                                                                                                                                                                                    				_t111 = _t392 + 0xd; // 0xd
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x40);
                                                                                                                                                                                                    				_t445 = _t462 + 0x720;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0x28011336;
                                                                                                                                                                                                    				_t207 =  *_t456;
                                                                                                                                                                                                    				_t457 = _t456 + 1;
                                                                                                                                                                                                    				if (_t207 != 0xa) goto 0x28011325;
                                                                                                                                                                                                    				 *_t445 = _t111;
                                                                                                                                                                                                    				r14d = r14d + 1;
                                                                                                                                                                                                    				_t446 = _t445 + 1;
                                                                                                                                                                                                    				 *_t446 = _t207;
                                                                                                                                                                                                    				if (_t408 + 2 - 0x13ff < 0) goto 0x28011306;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
                                                                                                                                                                                                    				r8d = _t283;
                                                                                                                                                                                                    				r8d = r8d - _t207;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = r14d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x280113ae;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t462 + 0x48)) - _t446 + 1 - _t462 + 0x720 < 0) goto 0x2801125b;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0x280112f7;
                                                                                                                                                                                                    				goto 0x2801125b;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0x2801125b;
                                                                                                                                                                                                    				if (sil != 2) goto 0x28011499;
                                                                                                                                                                                                    				if (r13d == 0) goto 0x280115f0;
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x40);
                                                                                                                                                                                                    				_t449 = _t462 + 0x720;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0x2801141d;
                                                                                                                                                                                                    				_t214 =  *_t457 & 0x0000ffff;
                                                                                                                                                                                                    				if (_t214 != 0xa) goto 0x28011409;
                                                                                                                                                                                                    				 *_t449 = 0xd;
                                                                                                                                                                                                    				r14d = r14d + 2;
                                                                                                                                                                                                    				_t450 = _t449 + 2;
                                                                                                                                                                                                    				 *_t450 = _t214;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t491 +  *((intOrPtr*)(0x280489e0 +  *(_t462 + 0x50) * 8)))) + 4 - 0x13fe < 0) goto 0x280113e2;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
                                                                                                                                                                                                    				r8d = _t283;
                                                                                                                                                                                                    				r8d = r8d - _t214;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = r14d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x280113ae;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t462 + 0x48)) -  &(_t450[0]) - _t462 + 0x720 < 0) goto 0x2801125b;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0x280113d3;
                                                                                                                                                                                                    				goto 0x2801125b;
                                                                                                                                                                                                    				if (r13d == 0) goto 0x280115f0;
                                                                                                                                                                                                    				r8d = 0xd;
                                                                                                                                                                                                    				_t417 = _t462 + 0x70;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0x280114e7;
                                                                                                                                                                                                    				_t220 = _t457[1] & 0x0000ffff;
                                                                                                                                                                                                    				if (_t220 != 0xa) goto 0x280114d3;
                                                                                                                                                                                                    				 *_t417 = r8w;
                                                                                                                                                                                                    				 *(_t417 + 2) = _t220;
                                                                                                                                                                                                    				if (_t462 + 0x724 - 0x6a8 < 0) goto 0x280114af;
                                                                                                                                                                                                    				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
                                                                                                                                                                                                    				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x28)) = 0xd55;
                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                    				r9d = 0 - _t220 >> 1;
                                                                                                                                                                                                    				 *(_t462 + 0x20) = _t462 + 0x720;
                                                                                                                                                                                                    				_t224 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _t224;
                                                                                                                                                                                                    				if (_t224 == 0) goto 0x280112b6;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r8d = r14d;
                                                                                                                                                                                                    				r8d = r8d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x2801157d;
                                                                                                                                                                                                    				_t285 = 0 +  *((intOrPtr*)(_t462 + 0x48));
                                                                                                                                                                                                    				if (r14d - _t285 > 0) goto 0x28011538;
                                                                                                                                                                                                    				goto 0x28011585;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				if (r14d - _t285 > 0) goto 0x28011256;
                                                                                                                                                                                                    				r8d = 0xd;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0x280114a8;
                                                                                                                                                                                                    				goto 0x28011256;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
                                                                                                                                                                                                    				r8d = r13d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x280115d0;
                                                                                                                                                                                                    				goto 0x2801125f;
                                                                                                                                                                                                    				_t228 = GetLastError();
                                                                                                                                                                                                    				goto 0x2801125f;
                                                                                                                                                                                                    				E00007FF77FF7280078EC(_t228,  *(_t462 + 0x50));
                                                                                                                                                                                                    				goto 0x28010f67;
                                                                                                                                                                                                    				_t386 =  *((intOrPtr*)(0x280489e0 +  *(_t462 + 0x50) * 8));
                                                                                                                                                                                                    				if (( *(_t491 + 0x7ff7280489e8) & 0x00000040) == 0) goto 0x28011607;
                                                                                                                                                                                                    				if ( *_t477 == 0x1a) goto 0x28010f35;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t386);
                                                                                                                                                                                                    				 *0x280489e0 = 0x1c;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t386);
                                                                                                                                                                                                    				 *_t386 =  *_t386 & 0x00000000;
                                                                                                                                                                                                    				goto 0x28010f67;
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t228,  *(_t462 + 0x1b20) ^ _t462, _t477, _t462 + 0x70, _t462 + 0x48);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff728011043
                                                                                                                                                                                                    0x7ff728011049
                                                                                                                                                                                                    0x7ff728011056
                                                                                                                                                                                                    0x7ff728011061
                                                                                                                                                                                                    0x7ff728011063
                                                                                                                                                                                                    0x7ff728011070
                                                                                                                                                                                                    0x7ff728011075
                                                                                                                                                                                                    0x7ff72801107f
                                                                                                                                                                                                    0x7ff728011086
                                                                                                                                                                                                    0x7ff72801108a
                                                                                                                                                                                                    0x7ff728011090
                                                                                                                                                                                                    0x7ff728011094
                                                                                                                                                                                                    0x7ff72801109f
                                                                                                                                                                                                    0x7ff7280110ab
                                                                                                                                                                                                    0x7ff7280110ba
                                                                                                                                                                                                    0x7ff7280110c5
                                                                                                                                                                                                    0x7ff7280110d6
                                                                                                                                                                                                    0x7ff7280110dc
                                                                                                                                                                                                    0x7ff7280110df
                                                                                                                                                                                                    0x7ff7280110e1
                                                                                                                                                                                                    0x7ff7280110f7
                                                                                                                                                                                                    0x7ff7280110fd
                                                                                                                                                                                                    0x7ff728011103
                                                                                                                                                                                                    0x7ff728011117
                                                                                                                                                                                                    0x7ff72801111f
                                                                                                                                                                                                    0x7ff728011127
                                                                                                                                                                                                    0x7ff72801112a
                                                                                                                                                                                                    0x7ff72801112f
                                                                                                                                                                                                    0x7ff728011135
                                                                                                                                                                                                    0x7ff728011139
                                                                                                                                                                                                    0x7ff728011144
                                                                                                                                                                                                    0x7ff728011163
                                                                                                                                                                                                    0x7ff72801116e
                                                                                                                                                                                                    0x7ff728011181
                                                                                                                                                                                                    0x7ff72801118f
                                                                                                                                                                                                    0x7ff728011195
                                                                                                                                                                                                    0x7ff72801119a
                                                                                                                                                                                                    0x7ff7280111a0
                                                                                                                                                                                                    0x7ff7280111b1
                                                                                                                                                                                                    0x7ff7280111ca
                                                                                                                                                                                                    0x7ff7280111d5
                                                                                                                                                                                                    0x7ff7280111d7
                                                                                                                                                                                                    0x7ff7280111dd
                                                                                                                                                                                                    0x7ff7280111e3
                                                                                                                                                                                                    0x7ff7280111e9
                                                                                                                                                                                                    0x7ff7280111eb
                                                                                                                                                                                                    0x7ff7280111ee
                                                                                                                                                                                                    0x7ff7280111f5
                                                                                                                                                                                                    0x7ff7280111fa
                                                                                                                                                                                                    0x7ff7280111fe
                                                                                                                                                                                                    0x7ff728011206
                                                                                                                                                                                                    0x7ff72801120c
                                                                                                                                                                                                    0x7ff72801121d
                                                                                                                                                                                                    0x7ff728011229
                                                                                                                                                                                                    0x7ff72801122d
                                                                                                                                                                                                    0x7ff72801123c
                                                                                                                                                                                                    0x7ff728011240
                                                                                                                                                                                                    0x7ff72801124c
                                                                                                                                                                                                    0x7ff728011252
                                                                                                                                                                                                    0x7ff72801125b
                                                                                                                                                                                                    0x7ff728011261
                                                                                                                                                                                                    0x7ff728011269
                                                                                                                                                                                                    0x7ff728011272
                                                                                                                                                                                                    0x7ff728011278
                                                                                                                                                                                                    0x7ff72801127d
                                                                                                                                                                                                    0x7ff728011283
                                                                                                                                                                                                    0x7ff728011288
                                                                                                                                                                                                    0x7ff72801128a
                                                                                                                                                                                                    0x7ff728011291
                                                                                                                                                                                                    0x7ff72801129d
                                                                                                                                                                                                    0x7ff7280112a7
                                                                                                                                                                                                    0x7ff7280112b4
                                                                                                                                                                                                    0x7ff7280112b6
                                                                                                                                                                                                    0x7ff7280112be
                                                                                                                                                                                                    0x7ff7280112c4
                                                                                                                                                                                                    0x7ff7280112cd
                                                                                                                                                                                                    0x7ff7280112d7
                                                                                                                                                                                                    0x7ff7280112df
                                                                                                                                                                                                    0x7ff7280112e5
                                                                                                                                                                                                    0x7ff7280112ee
                                                                                                                                                                                                    0x7ff7280112f4
                                                                                                                                                                                                    0x7ff7280112f7
                                                                                                                                                                                                    0x7ff7280112fc
                                                                                                                                                                                                    0x7ff72801130e
                                                                                                                                                                                                    0x7ff728011310
                                                                                                                                                                                                    0x7ff728011313
                                                                                                                                                                                                    0x7ff728011318
                                                                                                                                                                                                    0x7ff72801131a
                                                                                                                                                                                                    0x7ff72801131c
                                                                                                                                                                                                    0x7ff72801131f
                                                                                                                                                                                                    0x7ff728011328
                                                                                                                                                                                                    0x7ff728011334
                                                                                                                                                                                                    0x7ff728011336
                                                                                                                                                                                                    0x7ff728011343
                                                                                                                                                                                                    0x7ff728011346
                                                                                                                                                                                                    0x7ff728011350
                                                                                                                                                                                                    0x7ff728011377
                                                                                                                                                                                                    0x7ff728011390
                                                                                                                                                                                                    0x7ff7280113a3
                                                                                                                                                                                                    0x7ff7280113a9
                                                                                                                                                                                                    0x7ff7280113ae
                                                                                                                                                                                                    0x7ff7280113b6
                                                                                                                                                                                                    0x7ff7280113bf
                                                                                                                                                                                                    0x7ff7280113c8
                                                                                                                                                                                                    0x7ff7280113d3
                                                                                                                                                                                                    0x7ff7280113d8
                                                                                                                                                                                                    0x7ff7280113ea
                                                                                                                                                                                                    0x7ff7280113ec
                                                                                                                                                                                                    0x7ff7280113f8
                                                                                                                                                                                                    0x7ff7280113fa
                                                                                                                                                                                                    0x7ff7280113fd
                                                                                                                                                                                                    0x7ff728011401
                                                                                                                                                                                                    0x7ff72801140d
                                                                                                                                                                                                    0x7ff72801141b
                                                                                                                                                                                                    0x7ff72801141d
                                                                                                                                                                                                    0x7ff72801142a
                                                                                                                                                                                                    0x7ff72801142d
                                                                                                                                                                                                    0x7ff728011437
                                                                                                                                                                                                    0x7ff72801145e
                                                                                                                                                                                                    0x7ff72801147b
                                                                                                                                                                                                    0x7ff72801148e
                                                                                                                                                                                                    0x7ff728011494
                                                                                                                                                                                                    0x7ff72801149c
                                                                                                                                                                                                    0x7ff7280114a2
                                                                                                                                                                                                    0x7ff7280114a8
                                                                                                                                                                                                    0x7ff7280114b7
                                                                                                                                                                                                    0x7ff7280114b9
                                                                                                                                                                                                    0x7ff7280114c5
                                                                                                                                                                                                    0x7ff7280114c7
                                                                                                                                                                                                    0x7ff7280114d7
                                                                                                                                                                                                    0x7ff7280114e5
                                                                                                                                                                                                    0x7ff7280114e7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                    • API String ID: 921712934-4171548499
                                                                                                                                                                                                    • Opcode ID: b58e01479b693e4d3fc4ee5255ae4a2aff408e3cce59a02e304553b3b8b91440
                                                                                                                                                                                                    • Instruction ID: 1bda427eab41cd543db32f10c63cc4685cee43b2305ec15644d13ee576730340
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b58e01479b693e4d3fc4ee5255ae4a2aff408e3cce59a02e304553b3b8b91440
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6412E322A1C64286EB34AF15DC4437AE761FB84764F846137DA4D43AD4EE3EE845CF28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014BBD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014BD9
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C01
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C0A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C20
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C29
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C3F
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C48
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C66
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014C6F
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014CA1
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014CB0
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014D08
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014D28
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF72800BEF0,?,?,?,?,?,00007FF72800BF84), ref: 00007FF728014D41
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeProc$Encode$LibraryLoad
                                                                                                                                                                                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                                                                                    • API String ID: 3085332118-232180764
                                                                                                                                                                                                    • Opcode ID: 3058f658b6c3c431e6a74a0b1d15c72de0f4353170a2b64a36bc1f1c13922d65
                                                                                                                                                                                                    • Instruction ID: 828d86e33c5517891a6f927f4f80f95219885db78f6a01477347eafa71f53ca6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3058f658b6c3c431e6a74a0b1d15c72de0f4353170a2b64a36bc1f1c13922d65
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA51F920B0AB0340EE75FB51BD50678E2A1EF45B90FC99437DC1E067E5EE3EA4018A29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$free$ByteCharMultiWidemalloc$ErrorLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1837315383-0
                                                                                                                                                                                                    • Opcode ID: deef6aef4076a8aecc8c09d005643f978d232f5a9d69fe706d5c65247fb8c331
                                                                                                                                                                                                    • Instruction ID: c1e265741d69c38b88e5ab74412ae1c68666d2e3596b83c867f7ddf54e699535
                                                                                                                                                                                                    • Opcode Fuzzy Hash: deef6aef4076a8aecc8c09d005643f978d232f5a9d69fe706d5c65247fb8c331
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99F10932A086818AE730AF22DC4056DF791FB447D8F944636DA2E57BD4DF3DE9508B18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF77FF727FF9DE0(long long __rax, long long __rcx, long long __rdx, void* __r8, signed long long __r9, long long _a8, long long _a16, signed int _a24, signed int _a32) {
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				signed int* _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				signed int* _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				signed int* _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				signed long long _v200;
                                                                                                                                                                                                    				signed int _v208;
                                                                                                                                                                                                    				long long _v216;
                                                                                                                                                                                                    				signed int* _v224;
                                                                                                                                                                                                    				long long _v232;
                                                                                                                                                                                                    				char _v256;
                                                                                                                                                                                                    				signed int _v264;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t200;
                                                                                                                                                                                                    				signed int _t211;
                                                                                                                                                                                                    				long long _t297;
                                                                                                                                                                                                    				long long _t298;
                                                                                                                                                                                                    				long long _t300;
                                                                                                                                                                                                    				long long _t301;
                                                                                                                                                                                                    				long long _t304;
                                                                                                                                                                                                    				long long _t306;
                                                                                                                                                                                                    				long long _t307;
                                                                                                                                                                                                    				long long _t310;
                                                                                                                                                                                                    				long long _t312;
                                                                                                                                                                                                    				long long _t313;
                                                                                                                                                                                                    				signed int* _t324;
                                                                                                                                                                                                    				signed int* _t325;
                                                                                                                                                                                                    				signed int* _t326;
                                                                                                                                                                                                    				signed int* _t331;
                                                                                                                                                                                                    				signed int* _t332;
                                                                                                                                                                                                    				signed int* _t333;
                                                                                                                                                                                                    				signed int* _t338;
                                                                                                                                                                                                    				signed int* _t339;
                                                                                                                                                                                                    				signed int* _t340;
                                                                                                                                                                                                    				void* _t351;
                                                                                                                                                                                                    				void* _t355;
                                                                                                                                                                                                    				void* _t359;
                                                                                                                                                                                                    				void* _t363;
                                                                                                                                                                                                    				void* _t365;
                                                                                                                                                                                                    				long long _t366;
                                                                                                                                                                                                    				intOrPtr* _t367;
                                                                                                                                                                                                    				long long _t368;
                                                                                                                                                                                                    				intOrPtr* _t369;
                                                                                                                                                                                                    				long long _t370;
                                                                                                                                                                                                    				intOrPtr* _t371;
                                                                                                                                                                                                    				void* _t372;
                                                                                                                                                                                                    				signed int* _t373;
                                                                                                                                                                                                    				void* _t374;
                                                                                                                                                                                                    				signed int* _t375;
                                                                                                                                                                                                    				void* _t376;
                                                                                                                                                                                                    				long long _t377;
                                                                                                                                                                                                    				void* _t383;
                                                                                                                                                                                                    				signed long long _t384;
                                                                                                                                                                                                    				signed int* _t393;
                                                                                                                                                                                                    				void* _t396;
                                                                                                                                                                                                    				void* _t398;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t384 = __r9;
                                                                                                                                                                                                    				_t383 = __r8;
                                                                                                                                                                                                    				_t282 = __rax;
                                                                                                                                                                                                    				_a24 = r8d;
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				_t211 = r8d;
                                                                                                                                                                                                    				_t377 = __rdx;
                                                                                                                                                                                                    				_t297 = __rcx;
                                                                                                                                                                                                    				_a32 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280045E0(__rax, __rcx);
                                                                                                                                                                                                    				if (__rax == 0) goto 0x27ff9e3b;
                                                                                                                                                                                                    				 *((long long*)(__rax)) =  &_v256;
                                                                                                                                                                                                    				goto 0x27ff9e3d;
                                                                                                                                                                                                    				_v256 = __rax;
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				if (_t211 != 0) goto 0x27ff9eab;
                                                                                                                                                                                                    				E00007FF77FF727FFA460(__rax, _t297, _t297,  &_v256, _t365, _t372, __r8);
                                                                                                                                                                                                    				if (_v232 == 0) goto 0x27ff9e7e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t282, _t297, _v232,  &_v256, _t372, _t383, _t384);
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t282, _t297, _v256,  &_v256, _t372, _t383, _t384);
                                                                                                                                                                                                    				goto 0x27ffa440;
                                                                                                                                                                                                    				_t351 = _t365;
                                                                                                                                                                                                    				E00007FF77FF727FFA530(_t200, _t297, _t297,  &_v256, _t351, _t372, _t383, _t384);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v208 = r8d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				_v200 = _t384;
                                                                                                                                                                                                    				if (_t211 == 0) goto 0x27ffa3fb;
                                                                                                                                                                                                    				_t324 = _v224;
                                                                                                                                                                                                    				_t298 = _v232;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				sil = 0x41;
                                                                                                                                                                                                    				r14d = sil & 0xffffffff;
                                                                                                                                                                                                    				r13d = sil & 0xffffffff;
                                                                                                                                                                                                    				_a32 = sil;
                                                                                                                                                                                                    				_t25 = _t383 + 1; // 0x1
                                                                                                                                                                                                    				if (_t25 - _t211 >= 0) goto 0x27ff9f07;
                                                                                                                                                                                                    				_t29 = _t383 + 2; // 0x2
                                                                                                                                                                                                    				if (_t29 - _t211 >= 0) goto 0x27ff9f14;
                                                                                                                                                                                                    				r14b =  *((intOrPtr*)(_t377 + 4 + _t384 * 2));
                                                                                                                                                                                                    				_t33 = _t383 + 3; // 0x3
                                                                                                                                                                                                    				if (_t33 - _t211 >= 0) goto 0x27ff9f29;
                                                                                                                                                                                                    				r13b =  *((intOrPtr*)(_t377 + 6 + _t384 * 2));
                                                                                                                                                                                                    				_a32 = r13b;
                                                                                                                                                                                                    				_t38 = _t351 - 0x41; // 0x0
                                                                                                                                                                                                    				if (_t38 - 0x19 > 0) goto 0x27ff9f35;
                                                                                                                                                                                                    				goto 0x27ff9f56;
                                                                                                                                                                                                    				_t39 = _t351 - 0x61; // -32
                                                                                                                                                                                                    				if (_t39 - 0x19 > 0) goto 0x27ff9f41;
                                                                                                                                                                                                    				goto 0x27ff9f56;
                                                                                                                                                                                                    				_t40 = _t351 - 0x30; // 0x11
                                                                                                                                                                                                    				if (_t40 - 9 > 0) goto 0x27ff9f4d;
                                                                                                                                                                                                    				goto 0x27ff9f56;
                                                                                                                                                                                                    				_t43 = _t372 - 0x41; // 0x1034fdf
                                                                                                                                                                                                    				if (_t43 - 0x19 > 0) goto 0x27ff9f63;
                                                                                                                                                                                                    				sil = sil - 0x41;
                                                                                                                                                                                                    				goto 0x27ff9f89;
                                                                                                                                                                                                    				_t44 = _t372 - 0x61; // 0x1034fbf
                                                                                                                                                                                                    				if (_t44 - 0x19 > 0) goto 0x27ff9f70;
                                                                                                                                                                                                    				sil = sil - 0x47;
                                                                                                                                                                                                    				goto 0x27ff9f89;
                                                                                                                                                                                                    				_t45 = _t372 - 0x30; // 0x1034ff0
                                                                                                                                                                                                    				if (_t45 - 9 > 0) goto 0x27ff9f7d;
                                                                                                                                                                                                    				sil = sil + 4;
                                                                                                                                                                                                    				goto 0x27ff9f89;
                                                                                                                                                                                                    				sil = sil != 0x2b;
                                                                                                                                                                                                    				sil = sil + 0x3e;
                                                                                                                                                                                                    				if (_t398 - 0x41 - 0x19 > 0) goto 0x27ff9f97;
                                                                                                                                                                                                    				goto 0x27ff9fbf;
                                                                                                                                                                                                    				if (_t398 - 0x61 - 0x19 > 0) goto 0x27ff9fa5;
                                                                                                                                                                                                    				goto 0x27ff9fbf;
                                                                                                                                                                                                    				if (_t398 - 0x30 - 9 > 0) goto 0x27ff9fb3;
                                                                                                                                                                                                    				goto 0x27ff9fbf;
                                                                                                                                                                                                    				bpl = r14b != 0x2b;
                                                                                                                                                                                                    				bpl = bpl + 0x3e;
                                                                                                                                                                                                    				_t52 = _t396 - 0x41; // -65
                                                                                                                                                                                                    				if (_t52 - 0x19 > 0) goto 0x27ff9fcd;
                                                                                                                                                                                                    				_t53 = _t396 - 0x41; // -65
                                                                                                                                                                                                    				r15d = _t53;
                                                                                                                                                                                                    				goto 0x27ff9ff5;
                                                                                                                                                                                                    				_t54 = _t396 - 0x61; // -97
                                                                                                                                                                                                    				if (_t54 - 0x19 > 0) goto 0x27ff9fdb;
                                                                                                                                                                                                    				_t55 = _t396 - 0x47; // -71
                                                                                                                                                                                                    				r15d = _t55;
                                                                                                                                                                                                    				goto 0x27ff9ff5;
                                                                                                                                                                                                    				_t56 = _t396 - 0x30; // -48
                                                                                                                                                                                                    				if (_t56 - 9 > 0) goto 0x27ff9fe9;
                                                                                                                                                                                                    				_t57 = _t396 + 4; // 0x4
                                                                                                                                                                                                    				r15d = _t57;
                                                                                                                                                                                                    				goto 0x27ff9ff5;
                                                                                                                                                                                                    				r15b = r13b != 0x2b;
                                                                                                                                                                                                    				r15b = r15b + 0x3e;
                                                                                                                                                                                                    				r8d = sil & 0xffffffff;
                                                                                                                                                                                                    				r8b = r8b >> 4;
                                                                                                                                                                                                    				r8b = r8b | (( *(_t377 + _t384 * 2) & 0x000000ff) - 0xfffffffffffffffa + 0x00000004 & 0xffffff00 | ( *(_t377 + _t384 * 2) & 0x000000ff) - 0xfffffffffffffffa + 0x00000004 != 0x0000002b) + 0x0000003e << 0x00000002;
                                                                                                                                                                                                    				_v264 = r8b;
                                                                                                                                                                                                    				if (_t298 != 0) goto 0x27ffa011;
                                                                                                                                                                                                    				goto 0x27ffa019;
                                                                                                                                                                                                    				if (_t324 - _t298 - _v216 - _t298 >= 0) goto 0x27ffa039;
                                                                                                                                                                                                    				 *_t324 = r8b;
                                                                                                                                                                                                    				_t325 =  &(_t324[0]);
                                                                                                                                                                                                    				_v224 = _t325;
                                                                                                                                                                                                    				goto 0x27ffa140;
                                                                                                                                                                                                    				_t393 = _t325;
                                                                                                                                                                                                    				if (_v232 - _t325 <= 0) goto 0x27ffa050;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t326 = _v224;
                                                                                                                                                                                                    				_t300 = _v232;
                                                                                                                                                                                                    				_t366 = _v256;
                                                                                                                                                                                                    				_v168 = _t366;
                                                                                                                                                                                                    				_v160 = _t393;
                                                                                                                                                                                                    				if (_t326 != _t300) goto 0x27ffa06f;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				goto 0x27ffa08d;
                                                                                                                                                                                                    				if (_t300 - _t326 <= 0) goto 0x27ffa079;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t366 == 0) goto 0x27ffa085;
                                                                                                                                                                                                    				if (_t366 == _v256) goto 0x27ffa08a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xa0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF53A0(_t300,  &_v256,  &_v136, _t372, _t383,  &_v264);
                                                                                                                                                                                                    				_t301 = _v232;
                                                                                                                                                                                                    				if (_t301 - _v224 <= 0) goto 0x27ffa0dc;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t367 = _v256;
                                                                                                                                                                                                    				if (_t367 != 0) goto 0x27ffa0fa;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x27ffa102;
                                                                                                                                                                                                    				_t355 = _t301 + _t393 - _t300;
                                                                                                                                                                                                    				if (_t355 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0x27ffa11f;
                                                                                                                                                                                                    				if (_t367 == 0) goto 0x27ffa117;
                                                                                                                                                                                                    				goto 0x27ffa119;
                                                                                                                                                                                                    				if (_t355 -  *((intOrPtr*)( *_t367 + 0x18)) >= 0) goto 0x27ffa138;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t331 = _v224;
                                                                                                                                                                                                    				_t304 = _v232;
                                                                                                                                                                                                    				r13b = _a32;
                                                                                                                                                                                                    				goto 0x27ffa140;
                                                                                                                                                                                                    				r13b = _a32;
                                                                                                                                                                                                    				if (r14b == 0x3d) goto 0x27ffa27f;
                                                                                                                                                                                                    				r8d = bpl & 0xffffffff;
                                                                                                                                                                                                    				r8b = r8b >> 2;
                                                                                                                                                                                                    				sil = sil << 4;
                                                                                                                                                                                                    				r8b = r8b | sil;
                                                                                                                                                                                                    				_a32 = r8b;
                                                                                                                                                                                                    				if (_t304 != 0) goto 0x27ffa16a;
                                                                                                                                                                                                    				goto 0x27ffa172;
                                                                                                                                                                                                    				if (_t331 - _t304 - _v216 - _t304 >= 0) goto 0x27ffa192;
                                                                                                                                                                                                    				 *_t331 = r8b;
                                                                                                                                                                                                    				_t332 =  &(_t331[0]);
                                                                                                                                                                                                    				_v224 = _t332;
                                                                                                                                                                                                    				goto 0x27ffa27f;
                                                                                                                                                                                                    				_t373 = _t332;
                                                                                                                                                                                                    				if (_v232 - _t332 <= 0) goto 0x27ffa1a9;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t333 = _v224;
                                                                                                                                                                                                    				_t306 = _v232;
                                                                                                                                                                                                    				_t368 = _v256;
                                                                                                                                                                                                    				_v184 = _t368;
                                                                                                                                                                                                    				_v176 = _t373;
                                                                                                                                                                                                    				if (_t333 != _t306) goto 0x27ffa1c1;
                                                                                                                                                                                                    				goto 0x27ffa1df;
                                                                                                                                                                                                    				if (_t306 - _t333 <= 0) goto 0x27ffa1cb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t368 == 0) goto 0x27ffa1d7;
                                                                                                                                                                                                    				if (_t368 == _v256) goto 0x27ffa1dc;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t374 = _t373 - _t306;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x70]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xc0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF53A0(_t306,  &_v256,  &_v104, _t374, _t383,  &_a32);
                                                                                                                                                                                                    				_t307 = _v232;
                                                                                                                                                                                                    				if (_t307 - _v224 <= 0) goto 0x27ffa22e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t369 = _v256;
                                                                                                                                                                                                    				if (_t369 != 0) goto 0x27ffa24c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x27ffa254;
                                                                                                                                                                                                    				_t359 = _t307 + _t374;
                                                                                                                                                                                                    				if (_t359 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0x27ffa270;
                                                                                                                                                                                                    				if (_t369 == 0) goto 0x27ffa268;
                                                                                                                                                                                                    				goto 0x27ffa26a;
                                                                                                                                                                                                    				if (_t359 -  *((intOrPtr*)( *_t369 + 0x18)) >= 0) goto 0x27ffa27f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t338 = _v224;
                                                                                                                                                                                                    				_t310 = _v232;
                                                                                                                                                                                                    				if (r13b == 0x3d) goto 0x27ffa3bf;
                                                                                                                                                                                                    				bpl = bpl << 6;
                                                                                                                                                                                                    				bpl = bpl | r15b;
                                                                                                                                                                                                    				_a32 = bpl;
                                                                                                                                                                                                    				if (_t310 != 0) goto 0x27ffa2a1;
                                                                                                                                                                                                    				goto 0x27ffa2a9;
                                                                                                                                                                                                    				if (_t338 - _t310 - _v216 - _t310 >= 0) goto 0x27ffa2c9;
                                                                                                                                                                                                    				 *_t338 = bpl;
                                                                                                                                                                                                    				_t339 =  &(_t338[0]);
                                                                                                                                                                                                    				_v224 = _t339;
                                                                                                                                                                                                    				goto 0x27ffa3bf;
                                                                                                                                                                                                    				_t375 = _t339;
                                                                                                                                                                                                    				if (_v232 - _t339 <= 0) goto 0x27ffa2e0;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t340 = _v224;
                                                                                                                                                                                                    				_t312 = _v232;
                                                                                                                                                                                                    				_t370 = _v256;
                                                                                                                                                                                                    				_v152 = _t370;
                                                                                                                                                                                                    				_v144 = _t375;
                                                                                                                                                                                                    				if (_t340 != _t312) goto 0x27ffa2fe;
                                                                                                                                                                                                    				goto 0x27ffa31c;
                                                                                                                                                                                                    				if (_t312 - _t340 <= 0) goto 0x27ffa308;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t370 == 0) goto 0x27ffa314;
                                                                                                                                                                                                    				if (_t370 == _v256) goto 0x27ffa319;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t376 = _t375 - _t312;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xb0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF53A0(_t312,  &_v256,  &_v120, _t376, _t383,  &_a32);
                                                                                                                                                                                                    				_t313 = _v232;
                                                                                                                                                                                                    				if (_t313 - _v224 <= 0) goto 0x27ffa36e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t371 = _v256;
                                                                                                                                                                                                    				if (_t371 != 0) goto 0x27ffa38c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x27ffa394;
                                                                                                                                                                                                    				_t363 = _t376 + _t313;
                                                                                                                                                                                                    				if (_t363 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0x27ffa3b0;
                                                                                                                                                                                                    				if (_t371 == 0) goto 0x27ffa3a8;
                                                                                                                                                                                                    				goto 0x27ffa3aa;
                                                                                                                                                                                                    				if (_t363 -  *((intOrPtr*)( *_t371 + 0x18)) >= 0) goto 0x27ffa3bf;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r8d = _v208;
                                                                                                                                                                                                    				r8d = r8d + 4;
                                                                                                                                                                                                    				_v208 = r8d;
                                                                                                                                                                                                    				_v200 = _v200 + 4;
                                                                                                                                                                                                    				if (r8d - _a24 < 0) goto 0x27ff9ee0;
                                                                                                                                                                                                    				E00007FF77FF727FFA460( *_t371, _a8, _a8,  &_v256, _t371, _t376, _t383);
                                                                                                                                                                                                    				if (_v232 == 0) goto 0x27ffa418;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t371, _a8, _v232,  &_v256, _t376, _t383, _v200 + 4);
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				return E00007FF77FF7280044D8( *_t371, _a8, _v256,  &_v256, _t376, _t383, _v200 + 4);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff727ffa144
                                                                                                                                                                                                    0x7ff727ffa14a
                                                                                                                                                                                                    0x7ff727ffa14e
                                                                                                                                                                                                    0x7ff727ffa152
                                                                                                                                                                                                    0x7ff727ffa156
                                                                                                                                                                                                    0x7ff727ffa159
                                                                                                                                                                                                    0x7ff727ffa164
                                                                                                                                                                                                    0x7ff727ffa168
                                                                                                                                                                                                    0x7ff727ffa17b
                                                                                                                                                                                                    0x7ff727ffa17d
                                                                                                                                                                                                    0x7ff727ffa180
                                                                                                                                                                                                    0x7ff727ffa183
                                                                                                                                                                                                    0x7ff727ffa18d
                                                                                                                                                                                                    0x7ff727ffa192
                                                                                                                                                                                                    0x7ff727ffa198
                                                                                                                                                                                                    0x7ff727ffa19a
                                                                                                                                                                                                    0x7ff727ffa19f
                                                                                                                                                                                                    0x7ff727ffa1a4
                                                                                                                                                                                                    0x7ff727ffa1a9
                                                                                                                                                                                                    0x7ff727ffa1ae
                                                                                                                                                                                                    0x7ff727ffa1b3
                                                                                                                                                                                                    0x7ff727ffa1bb
                                                                                                                                                                                                    0x7ff727ffa1bf
                                                                                                                                                                                                    0x7ff727ffa1c4
                                                                                                                                                                                                    0x7ff727ffa1c6
                                                                                                                                                                                                    0x7ff727ffa1ce
                                                                                                                                                                                                    0x7ff727ffa1d5
                                                                                                                                                                                                    0x7ff727ffa1d7
                                                                                                                                                                                                    0x7ff727ffa1dc
                                                                                                                                                                                                    0x7ff727ffa1df
                                                                                                                                                                                                    0x7ff727ffa1e4
                                                                                                                                                                                                    0x7ff727ffa1f5
                                                                                                                                                                                                    0x7ff727ffa208
                                                                                                                                                                                                    0x7ff727ffa20d
                                                                                                                                                                                                    0x7ff727ffa21d
                                                                                                                                                                                                    0x7ff727ffa21f
                                                                                                                                                                                                    0x7ff727ffa22e
                                                                                                                                                                                                    0x7ff727ffa236
                                                                                                                                                                                                    0x7ff727ffa238
                                                                                                                                                                                                    0x7ff727ffa23d
                                                                                                                                                                                                    0x7ff727ffa24a
                                                                                                                                                                                                    0x7ff727ffa254
                                                                                                                                                                                                    0x7ff727ffa25c
                                                                                                                                                                                                    0x7ff727ffa261
                                                                                                                                                                                                    0x7ff727ffa266
                                                                                                                                                                                                    0x7ff727ffa26e
                                                                                                                                                                                                    0x7ff727ffa270
                                                                                                                                                                                                    0x7ff727ffa275
                                                                                                                                                                                                    0x7ff727ffa27a
                                                                                                                                                                                                    0x7ff727ffa283
                                                                                                                                                                                                    0x7ff727ffa289
                                                                                                                                                                                                    0x7ff727ffa28d
                                                                                                                                                                                                    0x7ff727ffa290
                                                                                                                                                                                                    0x7ff727ffa29b
                                                                                                                                                                                                    0x7ff727ffa29f
                                                                                                                                                                                                    0x7ff727ffa2b2
                                                                                                                                                                                                    0x7ff727ffa2b4
                                                                                                                                                                                                    0x7ff727ffa2b7
                                                                                                                                                                                                    0x7ff727ffa2ba
                                                                                                                                                                                                    0x7ff727ffa2c4
                                                                                                                                                                                                    0x7ff727ffa2c9
                                                                                                                                                                                                    0x7ff727ffa2cf
                                                                                                                                                                                                    0x7ff727ffa2d1
                                                                                                                                                                                                    0x7ff727ffa2d6
                                                                                                                                                                                                    0x7ff727ffa2db
                                                                                                                                                                                                    0x7ff727ffa2e0
                                                                                                                                                                                                    0x7ff727ffa2e5
                                                                                                                                                                                                    0x7ff727ffa2ed
                                                                                                                                                                                                    0x7ff727ffa2f8
                                                                                                                                                                                                    0x7ff727ffa2fc
                                                                                                                                                                                                    0x7ff727ffa301
                                                                                                                                                                                                    0x7ff727ffa303
                                                                                                                                                                                                    0x7ff727ffa30b
                                                                                                                                                                                                    0x7ff727ffa312
                                                                                                                                                                                                    0x7ff727ffa314
                                                                                                                                                                                                    0x7ff727ffa319
                                                                                                                                                                                                    0x7ff727ffa31c
                                                                                                                                                                                                    0x7ff727ffa324
                                                                                                                                                                                                    0x7ff727ffa335
                                                                                                                                                                                                    0x7ff727ffa348
                                                                                                                                                                                                    0x7ff727ffa34d
                                                                                                                                                                                                    0x7ff727ffa35d
                                                                                                                                                                                                    0x7ff727ffa35f
                                                                                                                                                                                                    0x7ff727ffa36e
                                                                                                                                                                                                    0x7ff727ffa376
                                                                                                                                                                                                    0x7ff727ffa378
                                                                                                                                                                                                    0x7ff727ffa37d
                                                                                                                                                                                                    0x7ff727ffa38a
                                                                                                                                                                                                    0x7ff727ffa394
                                                                                                                                                                                                    0x7ff727ffa39c
                                                                                                                                                                                                    0x7ff727ffa3a1
                                                                                                                                                                                                    0x7ff727ffa3a6
                                                                                                                                                                                                    0x7ff727ffa3ae
                                                                                                                                                                                                    0x7ff727ffa3b0
                                                                                                                                                                                                    0x7ff727ffa3bf
                                                                                                                                                                                                    0x7ff727ffa3c4
                                                                                                                                                                                                    0x7ff727ffa3c8
                                                                                                                                                                                                    0x7ff727ffa3d6
                                                                                                                                                                                                    0x7ff727ffa3ed
                                                                                                                                                                                                    0x7ff727ffa403
                                                                                                                                                                                                    0x7ff727ffa411
                                                                                                                                                                                                    0x7ff727ffa413
                                                                                                                                                                                                    0x7ff727ffa418
                                                                                                                                                                                                    0x7ff727ffa421
                                                                                                                                                                                                    0x7ff727ffa42a
                                                                                                                                                                                                    0x7ff727ffa453

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: c150c4ca955c388edfe3a66c9f1b7fa42ad70acee1887465953eb8fb120a1af7
                                                                                                                                                                                                    • Instruction ID: 3a01647e467ae4cc2c427fb552f7893a88e19429aa7769a8efc3df3a9f14f694
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c150c4ca955c388edfe3a66c9f1b7fa42ad70acee1887465953eb8fb120a1af7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5712C82260CA8181E720FB15E9403AEE361EB87794FD84031DB9D47AD9DF2DE6438F25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 23%
E00007FF77FF728017DE0(void* __ebx, void* __edi, long long __rbx, long long __rbp, void* __r9, long long _a8) {
	void* _v24;
	char _v40;
	char _v56;
	long long _v64;
	long long _v72;
	long long _v88;
	void* __rsi;
	void* _t57;
	intOrPtr _t58;
	intOrPtr _t59;
	intOrPtr* _t88;
	intOrPtr* _t90;
	intOrPtr* _t99;
	intOrPtr* _t101;
	intOrPtr* _t113;
	long long _t114;
	intOrPtr* _t115;
	intOrPtr* _t119;

	_t57 = __ebx;
	_t90 = _t119;
	_v88 = 0xfffffffe;
	 *((long long*)(_t90 + 0x10)) = __rbx;
	 *((long long*)(_t90 + 0x18)) = __rbp;
	_t58 =  *0x28041798; // 0xffffffff
	if (_t58 != 0xffffffff) goto 0x28017e0b;
	goto 0x28017e14;
	TlsGetValue(??);
	_t115 = _t90;
	_a8 = _t115;
	if (_t115 == 0) goto 0x28017f9e;
	if ( *((long long*)(_t115 + 0x60)) != 0) goto 0x28017e39;
	if ( *((long long*)(_t115 + 0x18)) == 0) goto 0x28017f77;
	goto 0x28017e40;
	if ( *((long long*)(_t115 + 0x18)) == 0) goto 0x28017e96;
	_t113 =  *((intOrPtr*)(_t115 + 0x18));
	 *((long long*)(_t115 + 0x18)) =  *((intOrPtr*)(_t113 + 8));
	_t101 =  *_t113;
	if (_t101 == 0) goto 0x28017e7b;
	 *((intOrPtr*)( *_t101 + 8))();
	 *((intOrPtr*)( *((intOrPtr*)( *_t113))))();
	GetProcessHeap();
	HeapFree(??, ??, ??);
	GetProcessHeap();
	HeapFree(??, ??, ??);
	if ( *((long long*)(_t115 + 0x18)) != 0) goto 0x28017e40;
	if ( *((long long*)(_t115 + 0x60)) == 0) goto 0x28017e25;
	_t114 =  *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x58))));
	_v64 = _t114;
	_t99 =  *((intOrPtr*)(_t115 + 0x28));
	_v72 = _t99;
	if (_t99 != 0) goto 0x28017ec4;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x28017ec7;
	if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0x28017ed2;
	E00007FF77FF7280044B8();
	if ( *((long long*)(_t114 + 0x20)) == 0) goto 0x28017f49;
	if (_t99 != 0) goto 0x28017ee8;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x28017eeb;
	if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0x28017ef6;
	E00007FF77FF7280044B8();
	if ( *((long long*)(_t114 + 0x30)) == 0) goto 0x28017f49;
	if (_t99 != 0) goto 0x28017f0c;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x28017f0f;
	if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0x28017f1a;
	E00007FF77FF7280044B8();
	if (_t99 != 0) goto 0x28017f2d;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x28017f30;
	if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0x28017f3b;
	E00007FF77FF7280044B8();
	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x20)))) + 8))();
	asm("movaps xmm0, [esp+0x30]");
	asm("movdqa [esp+0x40], xmm0");
	_t29 = _t115 + 0x28; // 0x28
	E00007FF77FF727FF5EB0(0, __edi, _t99, _t29,  &_v40, _t115,  &_v56, __r9);
	if ( *((long long*)(_t115 + 0x60)) != 0) goto 0x28017ea0;
	goto 0x28017e25;
	E00007FF77FF7280163B0(_t57, _t99, 0x28044010, 0x7ff7280161c0, _t115);
	_t59 =  *0x28041798; // 0xffffffff
	if (_t59 == 0xffffffff) goto 0x28017f9e;
	TlsSetValue(??, ??);
	_t88 = _t115;
	if (_t88 == 0) goto 0x28017fc8;
	asm("lock add dword [esi+0x8], 0xffffffff");
	if (_t88 != 0) goto 0x28017fc8;
	 *((intOrPtr*)( *_t115))();
	GetProcessHeap();
	return HeapFree(??, ??, ??);
}





















                                                                                                                                                                                                    0x7ff728017f93
                                                                                                                                                                                                    0x7ff728017f97
                                                                                                                                                                                                    0x7ff728017f9e
                                                                                                                                                                                                    0x7ff728017fa1
                                                                                                                                                                                                    0x7ff728017fa3
                                                                                                                                                                                                    0x7ff728017fa8
                                                                                                                                                                                                    0x7ff728017fb2
                                                                                                                                                                                                    0x7ff728017fb4
                                                                                                                                                                                                    0x7ff728017fdc

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$Heap$Event$CloseFreeHandleProcess$Value$CreateOpenReset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3479055706-0
                                                                                                                                                                                                    • Opcode ID: d7bddb002446de1d6353830d7340297a2e8ea3ae02d25d3a1f121764180d7d71
                                                                                                                                                                                                    • Instruction ID: 85e2272b443211c87f728725fcec77ff131e8aa11ae004659b78832d06e1bf55
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7bddb002446de1d6353830d7340297a2e8ea3ae02d25d3a1f121764180d7d71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21619322A18A0682E775BB21DD00379E3E1FB44B64F94A136DA5E036D5EF3DF841CB64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF77FF72802B970(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __rbx, long long __rcx, long long __r8, void* __r10, void* _a16) {
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				intOrPtr _v168;
                                                                                                                                                                                                    				char _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				intOrPtr _v208;
                                                                                                                                                                                                    				char _v216;
                                                                                                                                                                                                    				long long _v224;
                                                                                                                                                                                                    				long long _v240;
                                                                                                                                                                                                    				char _v256;
                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                    				char _v280;
                                                                                                                                                                                                    				void* _v288;
                                                                                                                                                                                                    				char _v292;
                                                                                                                                                                                                    				signed int _v296;
                                                                                                                                                                                                    				char _v304;
                                                                                                                                                                                                    				char _v312;
                                                                                                                                                                                                    				long long _v328;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				signed short _t123;
                                                                                                                                                                                                    				void* _t136;
                                                                                                                                                                                                    				signed int* _t153;
                                                                                                                                                                                                    				void* _t160;
                                                                                                                                                                                                    				signed long long _t186;
                                                                                                                                                                                                    				signed int _t190;
                                                                                                                                                                                                    				signed long long _t195;
                                                                                                                                                                                                    				signed long long _t196;
                                                                                                                                                                                                    				void* _t219;
                                                                                                                                                                                                    				void* _t224;
                                                                                                                                                                                                    				long long _t243;
                                                                                                                                                                                                    				long long _t244;
                                                                                                                                                                                                    				signed int* _t245;
                                                                                                                                                                                                    				void* _t246;
                                                                                                                                                                                                    				void* _t247;
                                                                                                                                                                                                    				signed short* _t253;
                                                                                                                                                                                                    				signed long long _t261;
                                                                                                                                                                                                    				void* _t262;
                                                                                                                                                                                                    				void* _t267;
                                                                                                                                                                                                    				void* _t268;
                                                                                                                                                                                                    				long long _t269;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t267 = __r10;
                                                                                                                                                                                                    				_t140 = __edx;
                                                                                                                                                                                                    				_t138 = __ecx;
                                                                                                                                                                                                    				_t268 = _t247;
                                                                                                                                                                                                    				_v224 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x10)) = __rbx;
                                                                                                                                                                                                    				_t186 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v48 = _t186 ^ _t247 - 0x00000140;
                                                                                                                                                                                                    				_t244 = __r8;
                                                                                                                                                                                                    				_t243 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t268 - 0x38)) = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_v296 = r12d;
                                                                                                                                                                                                    				_t152 = __edx;
                                                                                                                                                                                                    				if (__edx != 0) goto 0x2802ba95;
                                                                                                                                                                                                    				 *((long long*)(_t268 - 0xe8)) = 7;
                                                                                                                                                                                                    				_v240 = _t269;
                                                                                                                                                                                                    				_v256 = r12w;
                                                                                                                                                                                                    				_t195 = __rbx | 0xffffffff;
                                                                                                                                                                                                    				_t261 = _t195;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF2390(_t195,  &_v264, __rcx, __rcx, __r8, _t246, __r8, _t261);
                                                                                                                                                                                                    				_v328 = _t244;
                                                                                                                                                                                                    				r9b = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF6710(_t140, _t152, _t195,  &_v288, _t246,  &_v264, _t261);
                                                                                                                                                                                                    				E00007FF77FF728016BF0(_t195,  &_v288);
                                                                                                                                                                                                    				_t245 = _v288;
                                                                                                                                                                                                    				_t153 = _t245;
                                                                                                                                                                                                    				if (_t153 == 0) goto 0x2802ba6d;
                                                                                                                                                                                                    				asm("lock xadd [esi+0x8], ebx");
                                                                                                                                                                                                    				_t136 = __ebx + 0xffffffff;
                                                                                                                                                                                                    				if (_t153 != 0) goto 0x2802ba6d;
                                                                                                                                                                                                    				 *( *_t245)();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0x2802ba6d;
                                                                                                                                                                                                    				_t16 = _t269 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t16;
                                                                                                                                                                                                    				_t253 = "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp";
                                                                                                                                                                                                    				E00007FF77FF72802AB00(_t136, __ecx, __edi, _t195, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t245, _t246, _t253, _t261);
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0x2802ba7d;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t245, _t195,  *((intOrPtr*)(_t243 + 8)), "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t245, _t253, _t261);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0x2802be31;
                                                                                                                                                                                                    				E00007FF77FF72802B410(_t136, _t138, 0,  *((long long*)(_t243 + 0x20)) - 8, _t195,  &_v136,  *((intOrPtr*)(_t243 + 8)), _t246, _t253, _t267);
                                                                                                                                                                                                    				r9d = 4;
                                                                                                                                                                                                    				_t262 =  <  ? _v112 : _t261;
                                                                                                                                                                                                    				_t208 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				r8d = 4;
                                                                                                                                                                                                    				_t254 =  <  ? _t262 : _t253;
                                                                                                                                                                                                    				_t196 = _t195 | 0xffffffff;
                                                                                                                                                                                                    				if (( <  ? _t262 : _t253) == 0) goto 0x2802bb19;
                                                                                                                                                                                                    				_t160 =  *((intOrPtr*)( >=  ? _v128 :  &_v128)) - (L"\\\\?\\" & 0x0000ffff);
                                                                                                                                                                                                    				if (_t160 != 0) goto 0x2802bb0a;
                                                                                                                                                                                                    				if (_t160 != 0) goto 0x2802baf2;
                                                                                                                                                                                                    				goto 0x2802bb19;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				r8d =  <  ? _t136 : r8d;
                                                                                                                                                                                                    				goto 0x2802bb1c;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t190 = r8d;
                                                                                                                                                                                                    				if (r8d != 0) goto 0x2802bb34;
                                                                                                                                                                                                    				if (_t262 - 4 < 0) goto 0x2802bb84;
                                                                                                                                                                                                    				if ((r12d & 0xffffff00 | _t262 != 0x00000004) != 0) goto 0x2802bb84;
                                                                                                                                                                                                    				_t29 = _t190 + 4; // 0x8
                                                                                                                                                                                                    				r8d = _t29;
                                                                                                                                                                                                    				E00007FF77FF727FF4500(_t190,  &_v136,  &_v176);
                                                                                                                                                                                                    				r8d = r8d ^ r8d;
                                                                                                                                                                                                    				E00007FF77FF727FF2390(_t196,  &_v136, _t190, _t243, _t245, _t246, ( <  ? _t262 : _t253) - 1, _t196);
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0x2802bb84;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t190, _t196, _v168, _t190, _t245, ( <  ? _t262 : _t253) - 1, _t196);
                                                                                                                                                                                                    				r13d = 0x5c;
                                                                                                                                                                                                    				_v312 = r13w;
                                                                                                                                                                                                    				r9d = _t270 - 0x5b;
                                                                                                                                                                                                    				E00007FF77FF727FF4BB0(_t196,  &_v136,  &_v312, _t243, _t245, _t246);
                                                                                                                                                                                                    				if (_t190 == 0xffffffff) goto 0x2802bbf5;
                                                                                                                                                                                                    				_v304 = r13w;
                                                                                                                                                                                                    				r9d = _t270 - 0x5b;
                                                                                                                                                                                                    				E00007FF77FF727FF4BB0(_t196,  &_v136,  &_v304, _t243, _t245, _t246);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF4500(_t190,  &_v136,  &_v216);
                                                                                                                                                                                                    				_v296 = 1;
                                                                                                                                                                                                    				goto 0x2802bbfd;
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				_t266 = _t196;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t242 =  &_v136;
                                                                                                                                                                                                    				E00007FF77FF727FF2390(_t196,  &_v96,  &_v136, _t243, _t245, _t246, _t196, _t196);
                                                                                                                                                                                                    				if ((bpl & 0x00000001) == 0) goto 0x2802bc4f;
                                                                                                                                                                                                    				if (_v184 - 8 < 0) goto 0x2802bc4f;
                                                                                                                                                                                                    				_t123 = E00007FF77FF7280044D8( &_v136, _t196, _v208,  &_v136, _t245, _t196, _t196);
                                                                                                                                                                                                    				_t219 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				_v328 =  &_v292;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHParseDisplayName();
                                                                                                                                                                                                    				if (_t123 == 0) goto 0x2802bd27;
                                                                                                                                                                                                    				if (_t245 == 0) goto 0x2802bc95;
                                                                                                                                                                                                    				 *_t245 = _t123 & 0x0000ffff;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x2802bcad;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196, _v88,  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x2802bce2;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196, _v128,  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t269;
                                                                                                                                                                                                    				_v128 = r12w;
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0x2802bd0f;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196,  *((intOrPtr*)(_t243 + 8)),  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0x2802be31;
                                                                                                                                                                                                    				_t224 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_v328 =  &_v292;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHParseDisplayName();
                                                                                                                                                                                                    				__imp__CoInitializeEx();
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHOpenFolderAndSelectItems();
                                                                                                                                                                                                    				if (0 == 0) goto 0x2802bd95;
                                                                                                                                                                                                    				if (_t245 == 0) goto 0x2802bd95;
                                                                                                                                                                                                    				 *_t245 = 0;
                                                                                                                                                                                                    				if (0 == 0) goto 0x2802bd9e;
                                                                                                                                                                                                    				if (0 != 1) goto 0x2802bda4;
                                                                                                                                                                                                    				__imp__CoUninitialize();
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x2802bdbc;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196, _v88,  &_v136, _t245,  &_v272, _t196);
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x2802bdf1;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196, _v128, _t242, _t245,  &_v272, _t266);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t269;
                                                                                                                                                                                                    				_v128 = r12w;
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0x2802be1e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_v292, _t196,  *((intOrPtr*)(_t243 + 8)), _t242, _t245,  &_v272, _t266);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				return E00007FF77FF728004050(0, _v48 ^ _t247 - 0x00000140, _t242,  &_v272, _t266);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff72802bae9
                                                                                                                                                                                                    0x7ff72802baf0
                                                                                                                                                                                                    0x7ff72802baf5
                                                                                                                                                                                                    0x7ff72802baf8
                                                                                                                                                                                                    0x7ff72802bb06
                                                                                                                                                                                                    0x7ff72802bb08
                                                                                                                                                                                                    0x7ff72802bb0a
                                                                                                                                                                                                    0x7ff72802bb13
                                                                                                                                                                                                    0x7ff72802bb17
                                                                                                                                                                                                    0x7ff72802bb19
                                                                                                                                                                                                    0x7ff72802bb1c
                                                                                                                                                                                                    0x7ff72802bb22
                                                                                                                                                                                                    0x7ff72802bb28
                                                                                                                                                                                                    0x7ff72802bb36
                                                                                                                                                                                                    0x7ff72802bb3b
                                                                                                                                                                                                    0x7ff72802bb3b
                                                                                                                                                                                                    0x7ff72802bb4f
                                                                                                                                                                                                    0x7ff72802bb58
                                                                                                                                                                                                    0x7ff72802bb66
                                                                                                                                                                                                    0x7ff72802bb75
                                                                                                                                                                                                    0x7ff72802bb7f
                                                                                                                                                                                                    0x7ff72802bb84
                                                                                                                                                                                                    0x7ff72802bb8a
                                                                                                                                                                                                    0x7ff72802bb90
                                                                                                                                                                                                    0x7ff72802bba4
                                                                                                                                                                                                    0x7ff72802bbad
                                                                                                                                                                                                    0x7ff72802bbaf
                                                                                                                                                                                                    0x7ff72802bbb5
                                                                                                                                                                                                    0x7ff72802bbc9
                                                                                                                                                                                                    0x7ff72802bbd1
                                                                                                                                                                                                    0x7ff72802bbe4
                                                                                                                                                                                                    0x7ff72802bbef
                                                                                                                                                                                                    0x7ff72802bbf3
                                                                                                                                                                                                    0x7ff72802bbfd
                                                                                                                                                                                                    0x7ff72802bc09
                                                                                                                                                                                                    0x7ff72802bc11
                                                                                                                                                                                                    0x7ff72802bc1a
                                                                                                                                                                                                    0x7ff72802bc1d
                                                                                                                                                                                                    0x7ff72802bc20
                                                                                                                                                                                                    0x7ff72802bc2b
                                                                                                                                                                                                    0x7ff72802bc35
                                                                                                                                                                                                    0x7ff72802bc40
                                                                                                                                                                                                    0x7ff72802bc4a
                                                                                                                                                                                                    0x7ff72802bc60
                                                                                                                                                                                                    0x7ff72802bc6e
                                                                                                                                                                                                    0x7ff72802bc73
                                                                                                                                                                                                    0x7ff72802bc7d
                                                                                                                                                                                                    0x7ff72802bc85
                                                                                                                                                                                                    0x7ff72802bc8e
                                                                                                                                                                                                    0x7ff72802bc93
                                                                                                                                                                                                    0x7ff72802bc9e
                                                                                                                                                                                                    0x7ff72802bca8
                                                                                                                                                                                                    0x7ff72802bcad
                                                                                                                                                                                                    0x7ff72802bcb9
                                                                                                                                                                                                    0x7ff72802bcc1
                                                                                                                                                                                                    0x7ff72802bcd3
                                                                                                                                                                                                    0x7ff72802bcdd
                                                                                                                                                                                                    0x7ff72802bce2
                                                                                                                                                                                                    0x7ff72802bcee
                                                                                                                                                                                                    0x7ff72802bcf6
                                                                                                                                                                                                    0x7ff72802bd04
                                                                                                                                                                                                    0x7ff72802bd0a
                                                                                                                                                                                                    0x7ff72802bd0f
                                                                                                                                                                                                    0x7ff72802bd17
                                                                                                                                                                                                    0x7ff72802bd1b
                                                                                                                                                                                                    0x7ff72802bd22
                                                                                                                                                                                                    0x7ff72802bd38
                                                                                                                                                                                                    0x7ff72802bd46
                                                                                                                                                                                                    0x7ff72802bd4b
                                                                                                                                                                                                    0x7ff72802bd55
                                                                                                                                                                                                    0x7ff72802bd64
                                                                                                                                                                                                    0x7ff72802bd74
                                                                                                                                                                                                    0x7ff72802bd81
                                                                                                                                                                                                    0x7ff72802bd89
                                                                                                                                                                                                    0x7ff72802bd8e
                                                                                                                                                                                                    0x7ff72802bd93
                                                                                                                                                                                                    0x7ff72802bd97
                                                                                                                                                                                                    0x7ff72802bd9c
                                                                                                                                                                                                    0x7ff72802bd9e
                                                                                                                                                                                                    0x7ff72802bdad
                                                                                                                                                                                                    0x7ff72802bdb7
                                                                                                                                                                                                    0x7ff72802bdbc
                                                                                                                                                                                                    0x7ff72802bdc8
                                                                                                                                                                                                    0x7ff72802bdd0
                                                                                                                                                                                                    0x7ff72802bde2
                                                                                                                                                                                                    0x7ff72802bdec
                                                                                                                                                                                                    0x7ff72802bdf1
                                                                                                                                                                                                    0x7ff72802bdfd
                                                                                                                                                                                                    0x7ff72802be05
                                                                                                                                                                                                    0x7ff72802be13
                                                                                                                                                                                                    0x7ff72802be19
                                                                                                                                                                                                    0x7ff72802be1e
                                                                                                                                                                                                    0x7ff72802be26
                                                                                                                                                                                                    0x7ff72802be2a
                                                                                                                                                                                                    0x7ff72802be57

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$DisplayFreeNameParseProcess$FolderInitializeItemsOpenSelectUninitialize
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$\\?\$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 1792686712-3491708354
                                                                                                                                                                                                    • Opcode ID: 3a8b11ccadee6583c85372323fada0a20ee016908da08a30510c647ca9ef4f30
                                                                                                                                                                                                    • Instruction ID: 7f8c6f3c5baee47cce58a70f79f2b691778066ca0e58347f36fa514658c58483
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a8b11ccadee6583c85372323fada0a20ee016908da08a30510c647ca9ef4f30
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DC19332A08AC182E630AB21EC547EEF360FB85754F804136DA9D47AD8DF7EE555CB18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                                                                    			E00007FF77FF728014190(void* __ebx, void* __ecx, void* __eflags, long long __rbx, signed long long __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				int _t56;
                                                                                                                                                                                                    				short _t57;
                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				char* _t119;
                                                                                                                                                                                                    				char* _t120;
                                                                                                                                                                                                    				char* _t121;
                                                                                                                                                                                                    				char* _t122;
                                                                                                                                                                                                    				intOrPtr* _t125;
                                                                                                                                                                                                    				char* _t134;
                                                                                                                                                                                                    				signed long long _t144;
                                                                                                                                                                                                    				long long _t147;
                                                                                                                                                                                                    				intOrPtr* _t148;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t160;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r9;
                                                                                                                                                                                                    				_t141 = __rdi;
                                                                                                                                                                                                    				_t70 = __ebx;
                                                                                                                                                                                                    				_t118 = _t150;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x10)) = _t147;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t161 = __r8;
                                                                                                                                                                                                    				_t148 = __rdx;
                                                                                                                                                                                                    				_t144 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t118);
                                                                                                                                                                                                    				_t5 = _t118 + 0x140; // 0x140
                                                                                                                                                                                                    				_t125 = _t5;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0x280141cf;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) | 0x00000104;
                                                                                                                                                                                                    				goto 0x280142b2;
                                                                                                                                                                                                    				_t119 = __rcx + 0x40;
                                                                                                                                                                                                    				 *_t125 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t125 + 8)) = _t119;
                                                                                                                                                                                                    				if (_t119 == 0) goto 0x280141f9;
                                                                                                                                                                                                    				if ( *_t119 == 0) goto 0x280141f9;
                                                                                                                                                                                                    				_t10 = _t125 + 8; // 0x148
                                                                                                                                                                                                    				E00007FF77FF7280139B4(0x16, _t125, 0x28032940, __rdi, __rcx, _t10);
                                                                                                                                                                                                    				_t120 =  *_t125;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) & 0x00000000;
                                                                                                                                                                                                    				if (_t120 == 0) goto 0x2801426e;
                                                                                                                                                                                                    				if ( *_t120 == 0) goto 0x2801426e;
                                                                                                                                                                                                    				_t121 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t121 == 0) goto 0x28014222;
                                                                                                                                                                                                    				if ( *_t121 == 0) goto 0x28014222;
                                                                                                                                                                                                    				E00007FF77FF728014090(_t121, _t125);
                                                                                                                                                                                                    				goto 0x2801422a;
                                                                                                                                                                                                    				E00007FF77FF728014124(_t121, _t125);
                                                                                                                                                                                                    				if ( *(_t125 + 0x10) != 0) goto 0x280142c8;
                                                                                                                                                                                                    				if (E00007FF77FF7280139B4(0x40, _t125, 0x28032530, _t141, _t144, _t125) == 0) goto 0x280142be;
                                                                                                                                                                                                    				_t122 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t122 == 0) goto 0x28014264;
                                                                                                                                                                                                    				if ( *_t122 == 0) goto 0x28014264;
                                                                                                                                                                                                    				E00007FF77FF728014090(_t122, _t125);
                                                                                                                                                                                                    				goto 0x280142be;
                                                                                                                                                                                                    				_t53 = E00007FF77FF728014124(_t122, _t125);
                                                                                                                                                                                                    				goto 0x280142be;
                                                                                                                                                                                                    				_t134 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t134 == 0) goto 0x280142ab;
                                                                                                                                                                                                    				if ( *_t134 == 0) goto 0x280142ab;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t53, _t134);
                                                                                                                                                                                                    				 *(_t125 + 0x1c) = 0 | _t122 == 0x00000003;
                                                                                                                                                                                                    				EnumSystemLocalesA(_t160);
                                                                                                                                                                                                    				if (( *(_t125 + 0x10) & 0x00000004) != 0) goto 0x280142be;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) & 0x00000000;
                                                                                                                                                                                                    				goto 0x280142be;
                                                                                                                                                                                                    				 *(_t125 + 0x10) = 0x104;
                                                                                                                                                                                                    				_t56 = GetUserDefaultLCID();
                                                                                                                                                                                                    				 *(_t125 + 0x20) = _t56;
                                                                                                                                                                                                    				 *(_t125 + 0x24) = _t56;
                                                                                                                                                                                                    				if ( *(_t125 + 0x10) == 0) goto 0x280143db;
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				_t57 = E00007FF77FF728013A4C(_t70, _t122 == 3, _t125, 0x7ff728013b50 & _t144 + 0x00000080, _t125, _t159);
                                                                                                                                                                                                    				if (_t57 == 0) goto 0x280143db;
                                                                                                                                                                                                    				if (_t57 == 0xfde8) goto 0x280143db;
                                                                                                                                                                                                    				if (_t57 == 0xfde9) goto 0x280143db;
                                                                                                                                                                                                    				if (IsValidCodePage(??) == 0) goto 0x280143db;
                                                                                                                                                                                                    				if (IsValidLocale(??, ??) == 0) goto 0x280143db;
                                                                                                                                                                                                    				if (_t148 == 0) goto 0x28014340;
                                                                                                                                                                                                    				 *_t148 =  *(_t125 + 0x20) & 0x0000ffff;
                                                                                                                                                                                                    				 *((short*)(_t148 + 4)) = _t57;
                                                                                                                                                                                                    				 *((short*)(_t148 + 2)) =  *(_t125 + 0x24) & 0x0000ffff;
                                                                                                                                                                                                    				if (_t161 == 0) goto 0x280143d4;
                                                                                                                                                                                                    				if ( *_t148 != 0x814) goto 0x28014383;
                                                                                                                                                                                                    				if (E00007FF77FF72800B72C(_t144 + 0x80, _t161, _t125,  ~_t144, _t148, "Norwegian-Nynorsk") == 0) goto 0x2801439e;
                                                                                                                                                                                                    				 *(_t150 - 0x30 + 0x20) =  *(_t150 - 0x30 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				goto 0x2801439e;
                                                                                                                                                                                                    				r9d = 0x40;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0x280143db;
                                                                                                                                                                                                    				r9d = 0x40;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0x280143db;
                                                                                                                                                                                                    				r9d = 0xa;
                                                                                                                                                                                                    				_t42 = _t159 + 6; // 0x6
                                                                                                                                                                                                    				r8d = _t42;
                                                                                                                                                                                                    				E00007FF77FF728006228(_t57);
                                                                                                                                                                                                    				goto 0x280143dd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff72801432a
                                                                                                                                                                                                    0x7ff728014330
                                                                                                                                                                                                    0x7ff728014338
                                                                                                                                                                                                    0x7ff72801433c
                                                                                                                                                                                                    0x7ff728014343
                                                                                                                                                                                                    0x7ff728014352
                                                                                                                                                                                                    0x7ff72801436a
                                                                                                                                                                                                    0x7ff72801436c
                                                                                                                                                                                                    0x7ff728014372
                                                                                                                                                                                                    0x7ff728014375
                                                                                                                                                                                                    0x7ff72801437c
                                                                                                                                                                                                    0x7ff728014381
                                                                                                                                                                                                    0x7ff728014386
                                                                                                                                                                                                    0x7ff72801439c
                                                                                                                                                                                                    0x7ff7280143ab
                                                                                                                                                                                                    0x7ff7280143b9
                                                                                                                                                                                                    0x7ff7280143bb
                                                                                                                                                                                                    0x7ff7280143cb
                                                                                                                                                                                                    0x7ff7280143cb
                                                                                                                                                                                                    0x7ff7280143cf
                                                                                                                                                                                                    0x7ff7280143d9
                                                                                                                                                                                                    0x7ff7280143f7

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$InfoValid$CodeDefaultPageUser_getptd_itow_s
                                                                                                                                                                                                    • String ID: Norwegian-Nynorsk
                                                                                                                                                                                                    • API String ID: 2273835618-461349085
                                                                                                                                                                                                    • Opcode ID: cf4e325a6d4d68f7bfb079dc3385f1bf38945245c1b1c03b25c738e8f555b466
                                                                                                                                                                                                    • Instruction ID: 56ab2cff6a0b8994a524b042a00bcddd687567b0c054432bb4de36c50ec86c58
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf4e325a6d4d68f7bfb079dc3385f1bf38945245c1b1c03b25c738e8f555b466
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65617021A08B4286FB75AF61DC01778E2A1EF44B54FC89037CA4D466E5EF7EE441CB68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                                                                    			E00007FF77FF72802A270(void* __ebx, void* __ecx, long long __rbx, signed int __rdx, long long __rbp, void* __r8, signed long long __r9, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				intOrPtr _v136;
                                                                                                                                                                                                    				char _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				signed short _v170;
                                                                                                                                                                                                    				signed short _v172;
                                                                                                                                                                                                    				signed int _v174;
                                                                                                                                                                                                    				signed short _v176;
                                                                                                                                                                                                    				intOrPtr _v180;
                                                                                                                                                                                                    				intOrPtr _v184;
                                                                                                                                                                                                    				signed int _v200;
                                                                                                                                                                                                    				signed int _v208;
                                                                                                                                                                                                    				signed int _v216;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed long long _t106;
                                                                                                                                                                                                    				signed long long _t107;
                                                                                                                                                                                                    				signed long long _t110;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				signed long long _t173;
                                                                                                                                                                                                    				void* _t175;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t173 = __r9;
                                                                                                                                                                                                    				_t175 = _t161;
                                                                                                                                                                                                    				_v152 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t175 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t175 + 0x20)) = __rbp;
                                                                                                                                                                                                    				_t106 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t107 = _t106 ^ _t161 - 0x000000e0;
                                                                                                                                                                                                    				_v40 = _t107;
                                                                                                                                                                                                    				_t110 = __rdx;
                                                                                                                                                                                                    				_v160 = __rdx;
                                                                                                                                                                                                    				_t159 = _a40;
                                                                                                                                                                                                    				_v168 = 0;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x20)) = 7;
                                                                                                                                                                                                    				 *(__rdx + 0x18) = _t107;
                                                                                                                                                                                                    				 *((short*)(__rdx + 8)) = 0;
                                                                                                                                                                                                    				_v168 = 1;
                                                                                                                                                                                                    				_t13 = _t107 + 0x40; // 0x40
                                                                                                                                                                                                    				r8d = _t13;
                                                                                                                                                                                                    				E00007FF77FF72800B240(0, __ecx, 0, _t175 - 0x68, __rdx, __r8);
                                                                                                                                                                                                    				if ((sil & 0x00000001) == 0) goto 0x2802a336;
                                                                                                                                                                                                    				r9d = r8d;
                                                                                                                                                                                                    				E00007FF77FF72800488C(L"[%d]", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000002) == 0) goto 0x2802a3bb;
                                                                                                                                                                                                    				_v184 = 0;
                                                                                                                                                                                                    				_v180 = 0;
                                                                                                                                                                                                    				_v176 = 0;
                                                                                                                                                                                                    				_v172 = 0;
                                                                                                                                                                                                    				GetSystemTime(??);
                                                                                                                                                                                                    				r9d = _v176 & 0x0000ffff;
                                                                                                                                                                                                    				_v200 = _v170 & 0x0000ffff;
                                                                                                                                                                                                    				_v208 = _v172 & 0x0000ffff;
                                                                                                                                                                                                    				_v216 = _v174 & 0x0000ffff;
                                                                                                                                                                                                    				E00007FF77FF72800488C(L"[%02d:%02d:%02d.%03d]", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000004) == 0) goto 0x2802a40b;
                                                                                                                                                                                                    				r9d = GetCurrentThreadId();
                                                                                                                                                                                                    				E00007FF77FF72800488C(L"[%06d] ", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000008) == 0) goto 0x2802a42f;
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				_t171 =  !(__rdx | 0xffffffff) - 1;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(__rdx, __rdx, _t159, _t159, _t157, _t159,  !(__rdx | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000020) == 0) goto 0x2802a499;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(__rdx, __rdx, "(", _t159, _t157, _t159,  !(__rdx | 0xffffffff) - 1);
                                                                                                                                                                                                    				E00007FF77FF72802ACF0(__ebx, _a56, sil & 0x00000020, __rdx,  &_v144, _t159, _t173, _a48);
                                                                                                                                                                                                    				r8d = r8d ^ r8d;
                                                                                                                                                                                                    				E00007FF77FF727FF5250(_t110, _t110, _t107, _t159, _t157, _t159, _t171, _t173 | 0xffffffff);
                                                                                                                                                                                                    				if (_v112 - 8 < 0) goto 0x2802a484;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t107, _t110, _v136, _t107, _t157, _t171, _t173 | 0xffffffff);
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(_t110, _t110, ")", _t159, _t157, _t159, _t171);
                                                                                                                                                                                                    				if ((sil & 0x00000010) == 0) goto 0x2802a4d2;
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(_t110, _t110, L" : ", _t159, _t157, _t159, _t171);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(_t110, _t110, _a48, _a48, _t157, _t159,  !(_t110 | 0xffffffff) - 1);
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(_t110, _t110, " ", _a48, _t157, _t159,  !(_t110 | 0xffffffff) - 1);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_v174 & 0x0000ffff, _v40 ^ _t161 - 0x000000e0, " ",  !(_t110 | 0xffffffff) - 1, _t173 | 0xffffffff);
                                                                                                                                                                                                    			}
































                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf$CurrentSystemThreadTime
                                                                                                                                                                                                    • String ID: : $[%02d:%02d:%02d.%03d]$[%06d] $[%d]
                                                                                                                                                                                                    • API String ID: 4294719311-3835557347
                                                                                                                                                                                                    • Opcode ID: edd22a6c2a58dc5b7b6573fc0000327affbe386b199eabaa2583348143a99127
                                                                                                                                                                                                    • Instruction ID: 2099638924579e4bf1e7a29be8378e66df0942f70e6c728222205f02e30208dc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: edd22a6c2a58dc5b7b6573fc0000327affbe386b199eabaa2583348143a99127
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05618F32618A8145E760EB25EC003EAE260FB857B0F905332EA7D43AD9DF7DD541CB64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF77FF728010D44(signed int __ecx, void* __edi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				signed int* _t69;
                                                                                                                                                                                                    				signed int* _t70;
                                                                                                                                                                                                    				long long _t71;
                                                                                                                                                                                                    				signed long long _t85;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				signed long long _t88;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t83 = __r8;
                                                                                                                                                                                                    				_t79 = __rbp;
                                                                                                                                                                                                    				_t77 = __rsi;
                                                                                                                                                                                                    				_t74 = __rdx;
                                                                                                                                                                                                    				_t73 = __rcx;
                                                                                                                                                                                                    				_t71 = __rbx;
                                                                                                                                                                                                    				_t59 = __edi;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t86 = __rdx;
                                                                                                                                                                                                    				_t76 = __ecx;
                                                                                                                                                                                                    				if (__edi != 0xfffffffe) goto 0x28010d89;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28010e9e;
                                                                                                                                                                                                    				if (__edi < 0) goto 0x28010e75;
                                                                                                                                                                                                    				_t63 = _t59 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t63 >= 0) goto 0x28010e75;
                                                                                                                                                                                                    				_t88 = __ecx >> 5;
                                                                                                                                                                                                    				r12d = r12d & 0x0000001f;
                                                                                                                                                                                                    				_t85 = __ecx * 0x58;
                                                                                                                                                                                                    				_t69 =  *((intOrPtr*)(0x280489e0 + _t88 * 8));
                                                                                                                                                                                                    				if (_t63 != 0) goto 0x28010df5;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 9;
                                                                                                                                                                                                    				_v56 = __rbx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t69, __rbx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28010e9e;
                                                                                                                                                                                                    				if ((0 | r8d - 0x7fffffff < 0x00000000) != 0) goto 0x28010e30;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0x16;
                                                                                                                                                                                                    				_v56 = _t71;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t69, _t71, _t73, _t74, _t77, _t79, _t83);
                                                                                                                                                                                                    				goto 0x28010e9e;
                                                                                                                                                                                                    				_t34 = E00007FF77FF72801593C(0, __edi, _t71, _t76, _t77, _t85);
                                                                                                                                                                                                    				_t70 =  *((intOrPtr*)(0x280489e0 + _t88 * 8));
                                                                                                                                                                                                    				if (( *(_t70 + _t85 + 8) & 0x00000001) == 0) goto 0x28010e55;
                                                                                                                                                                                                    				_t45 = E00007FF77FF7280105C4(_t34, _t59, r8d, _t86, _t83);
                                                                                                                                                                                                    				goto 0x28010e6a;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t70);
                                                                                                                                                                                                    				 *_t70 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t70);
                                                                                                                                                                                                    				 *_t70 = _t45;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				goto 0x28010e9e;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t70);
                                                                                                                                                                                                    				 *_t70 = _t45 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t70);
                                                                                                                                                                                                    				 *_t70 = 9;
                                                                                                                                                                                                    				_v56 = _t71;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t70, _t71, _t73, _t86, _t77, _t79, _t83) | 0xffffffff;
                                                                                                                                                                                                    			}

















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: ae8c6979646cd0df4c87d9af4eb6b8836ed11e81636247d6cf9537f00f559d2d
                                                                                                                                                                                                    • Instruction ID: 17af170e857767c96165050390187159df2faf4e2b108db9a9daec0e9a98c16e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae8c6979646cd0df4c87d9af4eb6b8836ed11e81636247d6cf9537f00f559d2d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F41D232E1824245E3317F359C4193DF691EF81764F996636E6680B6C2DE3EA4008F38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                    			E00007FF77FF72800BD28(void* __ecx, long long __rbx, long long __rdi, void* __rsi, void* __rbp, void* __r9, long long __r13, long long _a8, void* _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t93;
                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				void* _t131;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t131 = __r9;
                                                                                                                                                                                                    				_t118 = __rbp;
                                                                                                                                                                                                    				_t117 = __rsi;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a24 = __rdi;
                                                                                                                                                                                                    				_a32 = __r13;
                                                                                                                                                                                                    				_t68 = __ecx;
                                                                                                                                                                                                    				if (__ecx ==  *0x28040820) goto 0x2800bd5a;
                                                                                                                                                                                                    				if (1 - 0x17 < 0) goto 0x2800bd4b;
                                                                                                                                                                                                    				if (1 - 0x17 >= 0) goto 0x2800bf37;
                                                                                                                                                                                                    				if (E00007FF77FF728011C68(3, 0x7ff728040830, __rbx, _t93, _t104, __rsi, __rbp, _t122) == 1) goto 0x2800bef2;
                                                                                                                                                                                                    				if (E00007FF77FF728011C68(3, 0x7ff728040830, __rbx, _t93, _t104, __rsi, __rbp, _t122) != 0) goto 0x2800bd91;
                                                                                                                                                                                                    				if ( *0x28040188 == 1) goto 0x2800bef2;
                                                                                                                                                                                                    				if (_t68 == 0xfc) goto 0x2800bf37;
                                                                                                                                                                                                    				r13d = 0x314;
                                                                                                                                                                                                    				if (E00007FF77FF72800B72C(0x7ff728040830, 0x28043660, __r13, __rsi, __rbp, "Runtime Error!\n\nProgram: ") == 0) goto 0x2800bdd5;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				r8d = 0x104;
                                                                                                                                                                                                    				 *0x2804377d = 0;
                                                                                                                                                                                                    				if (GetModuleFileNameA(??, ??, ??) != 0) goto 0x2800be26;
                                                                                                                                                                                                    				if (E00007FF77FF72800B72C(0x7ff728040830, 0x28043679, 0x28043679, __rsi, __rbp, "<program name unknown>") == 0) goto 0x2800be26;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t38 = E00007FF77FF7280070C0(E00007FF77FF728004308(), 0x28043679);
                                                                                                                                                                                                    				if (0x7ff728040831 - 0x3c <= 0) goto 0x2800be81;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t38, 0x28043679);
                                                                                                                                                                                                    				r9d = 3;
                                                                                                                                                                                                    				if (E00007FF77FF7280138DC(0x7ff728040831, 0xffee50083e6f, 0xffff8008d7fbfb05, _t117, _t118, "...", _t131) == 0) goto 0x2800be81;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				if (E00007FF77FF728013850(0x7ff728040831, 0x28043660, __r13, _t117, _t118, "\n\n") == 0) goto 0x2800beac;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				if (E00007FF77FF728013850(0x7ff728040831, 0x28043660, __r13, _t117, _t118,  *0x7FF728040838) == 0) goto 0x2800bedb;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				r8d = 0x12010;
                                                                                                                                                                                                    				E00007FF77FF728014B80(0x7ff728040831, __rbx, 0x28043660, "Microsoft Visual C++ Runtime Library", _t118, _t131);
                                                                                                                                                                                                    				goto 0x2800bf37;
                                                                                                                                                                                                    				_t47 = GetStdHandle(??);
                                                                                                                                                                                                    				if (0x7ff728040831 == 0) goto 0x2800bf37;
                                                                                                                                                                                                    				if (0x7ff728040831 == 0xffffffff) goto 0x2800bf37;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t47,  *((intOrPtr*)(0x7ff728040838)));
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				return WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF72800BF84,?,?,?,?,00007FF7280048E5,?,?,00000000,00007FF72800A598), ref: 00007FF72800BDEB
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,00007FF72800BF84,?,?,?,?,00007FF7280048E5,?,?,00000000,00007FF72800A598), ref: 00007FF72800BEF7
                                                                                                                                                                                                    • WriteFile.KERNEL32 ref: 00007FF72800BF31
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                    • API String ID: 3784150691-4022980321
                                                                                                                                                                                                    • Opcode ID: bdf2f308c5beea1c5eb5347bd727d01a46f02e2dd6c2599cccca75c08203b709
                                                                                                                                                                                                    • Instruction ID: 63711c8679f9e1d0972d1db3b3eada3ef6ac0c76fd863011569253679f34f4b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdf2f308c5beea1c5eb5347bd727d01a46f02e2dd6c2599cccca75c08203b709
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C251D221B1864381FB34B721ED61B7AE291EF45794FC45237DA5C42AD1EF3EE1058E28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF72801560A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF72801561C
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF728015667
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF7280156CC
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _FF_MSGBANNER.LIBCMT ref: 00007FF7280048E0
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF72800A598,?,?,00000000,00007FF72800FED9,?,?,?,00007FF72800FF83), ref: 00007FF728004905
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _errno.LIBCMT ref: 00007FF728004929
                                                                                                                                                                                                      • Part of subcall function 00007FF7280048B0: _errno.LIBCMT ref: 00007FF728004934
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF7280156F9
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF728015733
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF728015747
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF7280157DA), ref: 00007FF72801575D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale$_errno$AllocateByteCharErrorHeapLastMultiWidefreemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4202622830-0
                                                                                                                                                                                                    • Opcode ID: fe5207ceeda70ec711b59715bf62eec6586ad5d6bb0a9c1674ed90db119e1240
                                                                                                                                                                                                    • Instruction ID: c8acd892b6e44b8756038b5dbb5006bcb582f11063d5549795c3c2175affb4fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe5207ceeda70ec711b59715bf62eec6586ad5d6bb0a9c1674ed90db119e1240
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D351B432A096428AE770AF10ED4156DF391FB447A8FC45532DA1E47BD4EF7EE8008B54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF77FF728004050(signed int __ecx, void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rdx;
                                                                                                                                                                                                    				_t16 = __rcx -  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				if (_t16 != 0) goto 0x2800406a;
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				if ((__ecx & 0x0000ffff) != 0) goto 0x28004066;
                                                                                                                                                                                                    				asm("repe ret");
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				goto 0x2800b5e0;
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				_push(_t24);
                                                                                                                                                                                                    				_t23 = __r8;
                                                                                                                                                                                                    				if (__r9 == 0) goto 0x280040c9;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0x280040a8;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__r8);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__r8 = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(__r8, _t24, __rcx, __rdx, _t29, _t30, __r8);
                                                                                                                                                                                                    				goto 0x280040cb;
                                                                                                                                                                                                    				if (_t23 == 0) goto 0x28004083;
                                                                                                                                                                                                    				if (_t27 - __r9 >= 0) goto 0x280040be;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t23);
                                                                                                                                                                                                    				goto 0x2800408d;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0, _t27 - __r9, _t26, _t23, __r9);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3778485334-0
                                                                                                                                                                                                    • Opcode ID: e14f49882a9b6dccd73c3a84256284ea3c026c336a414e1e863b8d0485961774
                                                                                                                                                                                                    • Instruction ID: 45659c367788b70e0ce72546f367ec41671cf4a81ab17b12f763609c379a1708
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e14f49882a9b6dccd73c3a84256284ea3c026c336a414e1e863b8d0485961774
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD311631A09B4286E760AB54FC50769F3A0FB84754FD41137DA8E427A5DF7EE044CB28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF77FF72801A758(void* __eflags, long long __rbx, char* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                                                                    				intOrPtr _t130;
                                                                                                                                                                                                    				signed long long _t136;
                                                                                                                                                                                                    				char* _t138;
                                                                                                                                                                                                    				char* _t154;
                                                                                                                                                                                                    				char* _t155;
                                                                                                                                                                                                    				char* _t160;
                                                                                                                                                                                                    				long long _t167;
                                                                                                                                                                                                    				intOrPtr* _t168;
                                                                                                                                                                                                    				intOrPtr* _t170;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				long long _t181;
                                                                                                                                                                                                    				void* _t183;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t173 = __r8;
                                                                                                                                                                                                    				_t163 = __rsi;
                                                                                                                                                                                                    				_t129 = _t170;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x10)) = _t167;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t171 = _t170 - 0x50;
                                                                                                                                                                                                    				_t179 = __rdx;
                                                                                                                                                                                                    				_t160 = __rcx;
                                                                                                                                                                                                    				r15d = r9d;
                                                                                                                                                                                                    				_t136 = r8d;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(_t129, _t129 - 0x38,  *((intOrPtr*)(_t171 + 0xa0)));
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (__rcx != _t181) goto 0x2801a7d3;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t129);
                                                                                                                                                                                                    				_t7 = _t181 + 0x16; // 0x16
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t129 = _t7;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t129, _t136, _t129 - 0x38,  *((intOrPtr*)(_t171 + 0xa0)), __rsi, _t167, __r8, _t183, _t181);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0x2801a7cc;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2801a990;
                                                                                                                                                                                                    				if (_t179 - _t181 > 0) goto 0x2801a80d;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t129);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t129 = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t129, _t136,  *((intOrPtr*)(_t171 + 0x40)),  *((intOrPtr*)(_t171 + 0xa0)), _t163, _t167, _t173);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0x2801a7cc;
                                                                                                                                                                                                    				_t130 =  *((intOrPtr*)(_t171 + 0x40));
                                                                                                                                                                                                    				 *(_t130 + 0xc8) =  *(_t130 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2801a7cc;
                                                                                                                                                                                                    				_t67 =  >  ? 0x16 : r13d;
                                                                                                                                                                                                    				_t68 = ( >  ? 0x16 : r13d) + 9;
                                                                                                                                                                                                    				if (_t179 - _t130 > 0) goto 0x2801a82f;
                                                                                                                                                                                                    				_t70 = E00007FF77FF7280078AC(_t130);
                                                                                                                                                                                                    				goto 0x2801a7a3;
                                                                                                                                                                                                    				_t168 =  *((intOrPtr*)(_t171 + 0x90));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x98)) == r13b) goto 0x2801a877;
                                                                                                                                                                                                    				sil =  *_t168 == 0x2d;
                                                                                                                                                                                                    				r13b = 0x22 > 0;
                                                                                                                                                                                                    				if (r13d == 0) goto 0x2801a874;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t70, _t181 + _t160);
                                                                                                                                                                                                    				_t20 = _t130 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0, r13d, r13d + _t181 + _t160, _t181 + _t160, _t20);
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if ( *_t168 != 0x2d) goto 0x2801a887;
                                                                                                                                                                                                    				 *_t160 = 0x2d;
                                                                                                                                                                                                    				_t154 = _t160 + 1;
                                                                                                                                                                                                    				if (0x22 - r13d <= 0) goto 0x2801a8a7;
                                                                                                                                                                                                    				 *_t154 =  *((intOrPtr*)(_t154 + 1));
                                                                                                                                                                                                    				_t155 = _t154 + 1;
                                                                                                                                                                                                    				 *_t155 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t171 + 0x30)) + 0x128))))));
                                                                                                                                                                                                    				_t138 = _t136 + _t155 + _t181;
                                                                                                                                                                                                    				_t157 =  ==  ? _t179 : _t179 + _t160 - _t138;
                                                                                                                                                                                                    				if (E00007FF77FF72800B72C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t171 + 0x30)) + 0x128)))), _t138,  ==  ? _t179 : _t179 + _t160 - _t138, _t181 + _t160, _t168, "e+000") == r13d) goto 0x2801a8f2;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				if (r15d == r13d) goto 0x2801a8fe;
                                                                                                                                                                                                    				 *_t138 = 0x45;
                                                                                                                                                                                                    				_t122 =  *((char*)( *((intOrPtr*)(_t168 + 0x10)))) - 0x30;
                                                                                                                                                                                                    				if (_t122 == 0) goto 0x2801a95e;
                                                                                                                                                                                                    				r8d =  *(_t168 + 4);
                                                                                                                                                                                                    				r8d = r8d - 1;
                                                                                                                                                                                                    				if (_t122 >= 0) goto 0x2801a918;
                                                                                                                                                                                                    				r8d =  ~r8d;
                                                                                                                                                                                                    				 *((char*)(_t138 + 1)) = 0x2d;
                                                                                                                                                                                                    				if (r8d - 0x64 < 0) goto 0x2801a939;
                                                                                                                                                                                                    				_t99 = (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 2)) =  *((intOrPtr*)(_t138 + 2)) + _t99;
                                                                                                                                                                                                    				r8d = r8d + _t99 * 0xffffff9c;
                                                                                                                                                                                                    				if (r8d - 0xa < 0) goto 0x2801a95a;
                                                                                                                                                                                                    				_t103 = (0x66666667 * r8d >> 0x20 >> 2) + (0x66666667 * r8d >> 0x20 >> 2 >> 0x1f);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 3)) =  *((intOrPtr*)(_t138 + 3)) + _t103;
                                                                                                                                                                                                    				r8d = r8d + _t103 * 0xfffffff6;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 4)) =  *((intOrPtr*)(_t138 + 4)) + r8b;
                                                                                                                                                                                                    				if (( *0x28044108 & 0x00000001) == 0) goto 0x2801a97b;
                                                                                                                                                                                                    				if ( *((char*)(_t138 + 2)) != 0x30) goto 0x2801a97b;
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0,  *((char*)(_t138 + 2)) - 0x30, _t138 + 2, _t138 + 3, "e+000");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0x2801a98e;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    0x7ff72801a930
                                                                                                                                                                                                    0x7ff72801a936
                                                                                                                                                                                                    0x7ff72801a93d
                                                                                                                                                                                                    0x7ff72801a94f
                                                                                                                                                                                                    0x7ff72801a951
                                                                                                                                                                                                    0x7ff72801a957
                                                                                                                                                                                                    0x7ff72801a95a
                                                                                                                                                                                                    0x7ff72801a965
                                                                                                                                                                                                    0x7ff72801a96a
                                                                                                                                                                                                    0x7ff72801a970
                                                                                                                                                                                                    0x7ff72801a976
                                                                                                                                                                                                    0x7ff72801a980
                                                                                                                                                                                                    0x7ff72801a987
                                                                                                                                                                                                    0x7ff72801a9ae

APIs
Strings
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID: _errno$DecodePointer_getptd
• String ID: -$e+000$gfff
• API String ID: 2834218312-2620144452
• Opcode ID: 6a11d317345159555b390f4911d319f69cbeb2ee95697cea1cf0a9819997a2cf
• Instruction ID: 581c5ee95b99eef1e7efb9581115b393aef21fb873fe40b0648f3cd3813b2d85
• Opcode Fuzzy Hash: 6a11d317345159555b390f4911d319f69cbeb2ee95697cea1cf0a9819997a2cf
• Instruction Fuzzy Hash: 09615C26B186C145E331AB25AC4126EF691FB81B68F989233DA5C07BC5CF3FD455CB28
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                                                                    			E00007FF77FF72802B6B0(void* __ebx, signed int __ecx, void* __rax, signed long long* __rcx, void* __rdx, void* __r8, signed long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, char _a48, intOrPtr _a56, long long _a72, long long _a80, long long _a88, char _a96, intOrPtr _a104, long long _a128, char _a136, char _a144, intOrPtr _a196, char _a200, char _a248, char _a256, long long _a272, long long _a280, char _a296, signed int _a65832) {
                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				signed long long _t114;
                                                                                                                                                                                                    				signed long long _t115;
                                                                                                                                                                                                    				void* _t119;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                    				long long _t152;
                                                                                                                                                                                                    				void* _t153;
                                                                                                                                                                                                    				signed long long _t159;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				long long _t163;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r9;
                                                                                                                                                                                                    				_t92 = __ecx;
                                                                                                                                                                                                    				E00007FF77FF72802C0A0(0x10160, __rax, _t161, __r11);
                                                                                                                                                                                                    				_t154 = _t153 - __rax;
                                                                                                                                                                                                    				_a88 = 0xfffffffe;
                                                                                                                                                                                                    				_t114 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t115 = _t114 ^ _t153 - __rax;
                                                                                                                                                                                                    				_a65832 = _t115;
                                                                                                                                                                                                    				_t151 = __r8;
                                                                                                                                                                                                    				_t119 = __rdx;
                                                                                                                                                                                                    				_t152 = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_a40 = r12d;
                                                                                                                                                                                                    				 *__rcx = _t115;
                                                                                                                                                                                                    				__rcx[1] = _t115;
                                                                                                                                                                                                    				__rcx[2] = _t115;
                                                                                                                                                                                                    				_a136 = 0x68;
                                                                                                                                                                                                    				_t7 = _t163 + 0x60; // 0x60
                                                                                                                                                                                                    				r8d = _t7;
                                                                                                                                                                                                    				E00007FF77FF72800B240(0, __ecx, 0,  &_a144, __rdx, __r8);
                                                                                                                                                                                                    				_a196 = 1;
                                                                                                                                                                                                    				_a200 = r12w;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 0x18)) == _t150) goto 0x2802b900;
                                                                                                                                                                                                    				_t12 = _t163 + 1; // 0x1
                                                                                                                                                                                                    				r9d = _t12;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF4AA0(_t159);
                                                                                                                                                                                                    				if (_t115 == 0xffffffff) goto 0x2802b79d;
                                                                                                                                                                                                    				E00007FF77FF727FF6580(0, _t115 - 0xffffffff, _t115, __rdx,  &_a96, "\"", __r8, __rcx, __rdx, _t159, _t163);
                                                                                                                                                                                                    				_a40 = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF6650(0, _t115 - 0xffffffff, _t115, _t119,  &_a48, _t115, _t151, "\"", _t159);
                                                                                                                                                                                                    				_a40 = 3;
                                                                                                                                                                                                    				goto 0x2802b7a0;
                                                                                                                                                                                                    				_a280 = 7;
                                                                                                                                                                                                    				_a272 = _t163;
                                                                                                                                                                                                    				_a256 = r12w;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF2390(_t119,  &_a248, _t119, _t150, _t151, _t152, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				if ((dil & 0x00000002) == 0) goto 0x2802b804;
                                                                                                                                                                                                    				if (_a80 - 8 < 0) goto 0x2802b7f0;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t119, _t119, _a56, _t119, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				_a80 = 7;
                                                                                                                                                                                                    				_a72 = _t163;
                                                                                                                                                                                                    				_a56 = r12w;
                                                                                                                                                                                                    				if ((dil & 0x00000001) == 0) goto 0x2802b822;
                                                                                                                                                                                                    				if (_a128 - 8 < 0) goto 0x2802b822;
                                                                                                                                                                                                    				_t79 = E00007FF77FF7280044D8(_t119, _t119, _a104, _t119, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				r8d = 0xfffe;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_t79, _t92, 0,  &_a296, _t119, "\"");
                                                                                                                                                                                                    				_t145 =  >=  ? _a256 :  &_a256;
                                                                                                                                                                                                    				lstrcpyW(??, ??);
                                                                                                                                                                                                    				lstrcatW(??, ??);
                                                                                                                                                                                                    				if ( *((long long*)(_t151 + 0x20)) - 8 < 0) goto 0x2802b881;
                                                                                                                                                                                                    				goto 0x2802b885;
                                                                                                                                                                                                    				lstrcatW(??, ??);
                                                                                                                                                                                                    				if ( *((long long*)(_t119 + 0x20)) - 8 < 0) goto 0x2802b8a0;
                                                                                                                                                                                                    				goto 0x2802b8a4;
                                                                                                                                                                                                    				_a32 = _t152;
                                                                                                                                                                                                    				_a24 =  &_a136;
                                                                                                                                                                                                    				_a16 = _t163;
                                                                                                                                                                                                    				_a8 = _t163;
                                                                                                                                                                                                    				_v0 = r12d;
                                                                                                                                                                                                    				_v8 = r12d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_a280 - 8 < 0) goto 0x2802b8fc;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( &_a136, _t119, _a256,  &_a296, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				goto 0x2802b94b;
                                                                                                                                                                                                    				if ( *((long long*)(_t119 + 0x20)) - 8 < 0) goto 0x2802b90d;
                                                                                                                                                                                                    				goto 0x2802b911;
                                                                                                                                                                                                    				_a32 = _t152;
                                                                                                                                                                                                    				_a24 =  &_a136;
                                                                                                                                                                                                    				_a16 = _t163;
                                                                                                                                                                                                    				_a8 = _t163;
                                                                                                                                                                                                    				_v0 = r12d;
                                                                                                                                                                                                    				_v8 = r12d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t92, _a65832 ^ _t154,  &_a296, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateProcesslstrcat$lstrcpy
                                                                                                                                                                                                    • String ID: h
                                                                                                                                                                                                    • API String ID: 3136576379-2439710439
                                                                                                                                                                                                    • Opcode ID: 921a10a08777df4f326595dd1351c16fdca3307fa6b663e0858bbc25aff6aeb9
                                                                                                                                                                                                    • Instruction ID: c9a0c3f4af4f7d8acf4acbb667f7c1c749a4345a362259b5dc299a834f42d0cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 921a10a08777df4f326595dd1351c16fdca3307fa6b663e0858bbc25aff6aeb9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0619F32A18A81C2E730AF24EC547AAF361FB84354F904236DA9D46AE8DF7DD155CF18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                    			E00007FF77FF728014FCC(intOrPtr* __rax, long long __rbx, signed int* __rcx, void* __rdx, void* __r8, long long _a8, signed int _a32, intOrPtr _a40) {
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				long long _t53;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a32 = r9w;
                                                                                                                                                                                                    				_t51 = __r8;
                                                                                                                                                                                                    				_t52 = __rdx;
                                                                                                                                                                                                    				if (__rdx != _t53) goto 0x28015001;
                                                                                                                                                                                                    				if (__r8 - _t53 <= 0) goto 0x28015001;
                                                                                                                                                                                                    				if (__rcx == _t53) goto 0x28014ffa;
                                                                                                                                                                                                    				 *__rcx = 0;
                                                                                                                                                                                                    				goto 0x280150a5;
                                                                                                                                                                                                    				if (__rcx == _t53) goto 0x28015009;
                                                                                                                                                                                                    				 *__rcx =  *__rcx | 0xffffffff;
                                                                                                                                                                                                    				if (__r8 - 0x7fffffff <= 0) goto 0x28015036;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v88 = _t53;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rcx, __rcx, __rdx, __rdx, _t53, __r8);
                                                                                                                                                                                                    				goto 0x280150a5;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(__rax,  &_v56, _a40);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_v56 + 0x14)) != 0) goto 0x28015124;
                                                                                                                                                                                                    				if ((_a32 & 0x0000ffff) - 0xff <= 0) goto 0x280150b5;
                                                                                                                                                                                                    				if (_t52 == _t53) goto 0x28015080;
                                                                                                                                                                                                    				if (_t51 - _t53 <= 0) goto 0x28015080;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_a32 & 0x0000ffff, 0xff, 0, _t52, _a40, _t51);
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t41);
                                                                                                                                                                                                    				 *_t41 = 0x2a;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t41);
                                                                                                                                                                                                    				if (_v32 == bpl) goto 0x280150a5;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return  *_t41;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$ByteCharErrorLastMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3895584640-0
                                                                                                                                                                                                    • Opcode ID: e3ab19df20f39bfc49d13db797055911675bc5e6ef2466dfda626c9a0c4a69ea
                                                                                                                                                                                                    • Instruction ID: b56e57f713f6505b93570bc9c6a58b025bf70d078d9f1737e7ee05f71d59718c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3ab19df20f39bfc49d13db797055911675bc5e6ef2466dfda626c9a0c4a69ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3751C832E0C6828AF771AF64DC4067EF650EB80B60FD49137D69D0B6C5EE2E94418F29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 17%
                                                                                                                                                                                                    			E00007FF77FF728004308() {
                                                                                                                                                                                                    				void* _v0;
                                                                                                                                                                                                    				long long _v992;
                                                                                                                                                                                                    				long long _v1088;
                                                                                                                                                                                                    				char _v1240;
                                                                                                                                                                                                    				long long _v1384;
                                                                                                                                                                                                    				char _v1396;
                                                                                                                                                                                                    				signed int _v1400;
                                                                                                                                                                                                    				char _v1416;
                                                                                                                                                                                                    				char _v1424;
                                                                                                                                                                                                    				long long _v1432;
                                                                                                                                                                                                    				long long _v1440;
                                                                                                                                                                                                    				void* _v1448;
                                                                                                                                                                                                    				signed long long _v1456;
                                                                                                                                                                                                    				long long _v1464;
                                                                                                                                                                                                    				long long _v1472;
                                                                                                                                                                                                    				long long _v1480;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                    				long long _t48;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v1400 = _v1400 & 0x00000000;
                                                                                                                                                                                                    				r8d = 0x94;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_t30, _t39, 0,  &_v1396, _t61, _t64);
                                                                                                                                                                                                    				_t48 =  &_v1240;
                                                                                                                                                                                                    				_v1440 =  &_v1400;
                                                                                                                                                                                                    				_v1432 = _t48;
                                                                                                                                                                                                    				__imp__RtlCaptureContext();
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				0x2801a26c();
                                                                                                                                                                                                    				if (_t48 == 0) goto 0x280043a5;
                                                                                                                                                                                                    				_v1456 = _v1456 & 0x00000000;
                                                                                                                                                                                                    				_v1464 =  &_v1416;
                                                                                                                                                                                                    				_v1472 =  &_v1424;
                                                                                                                                                                                                    				_v1480 =  &_v1240;
                                                                                                                                                                                                    				0x2801a266();
                                                                                                                                                                                                    				goto 0x280043c5;
                                                                                                                                                                                                    				_v992 = _v0;
                                                                                                                                                                                                    				_v1088 =  &_v0;
                                                                                                                                                                                                    				_v1400 = 0xc0000417;
                                                                                                                                                                                                    				_v1396 = 1;
                                                                                                                                                                                                    				_v1384 = _v0;
                                                                                                                                                                                                    				_t32 = IsDebuggerPresent();
                                                                                                                                                                                                    				SetUnhandledExceptionFilter(??);
                                                                                                                                                                                                    				if (UnhandledExceptionFilter(??) != 0) goto 0x28004410;
                                                                                                                                                                                                    				if (_t32 != 0) goto 0x28004410;
                                                                                                                                                                                                    				E00007FF77FF72800B7A0(_t34);
                                                                                                                                                                                                    				GetCurrentProcess();
                                                                                                                                                                                                    				return TerminateProcess(??, ??);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1269745586-0
                                                                                                                                                                                                    • Opcode ID: 9acd44f4c9021e6a40fc53f3eba1dfe77eba2fb851b38d84d1ef46dfb6a26ca4
                                                                                                                                                                                                    • Instruction ID: c7091110d26181036e8508f5170d8912d78739202f1ebb3c1dc08c8be3355a80
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9acd44f4c9021e6a40fc53f3eba1dfe77eba2fb851b38d84d1ef46dfb6a26ca4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B312F32A0DB8686EA749B55F8407AAF3A0FB84744F900136DA8D43A99EF7DD144CF14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00007FF77FF72801AABC(void* __eflags, long long __rbx, unsigned int* __rcx, char* __rdx, long long __rdi, void* __rsi, void* __r8, void* __r9, void* __r10, void* __r11, long long __r12) {
                                                                                                                                                                                                    				void* _t93;
                                                                                                                                                                                                    				char _t94;
                                                                                                                                                                                                    				signed char _t95;
                                                                                                                                                                                                    				signed int _t123;
                                                                                                                                                                                                    				signed int _t124;
                                                                                                                                                                                                    				signed int _t138;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				intOrPtr* _t176;
                                                                                                                                                                                                    				signed long long _t180;
                                                                                                                                                                                                    				intOrPtr* _t196;
                                                                                                                                                                                                    				signed int* _t197;
                                                                                                                                                                                                    				void* _t209;
                                                                                                                                                                                                    				signed long long _t215;
                                                                                                                                                                                                    				signed long long _t224;
                                                                                                                                                                                                    				void* _t225;
                                                                                                                                                                                                    				signed long long _t230;
                                                                                                                                                                                                    				signed long long _t232;
                                                                                                                                                                                                    				signed long long _t233;
                                                                                                                                                                                                    				signed long long _t236;
                                                                                                                                                                                                    				signed long long _t237;
                                                                                                                                                                                                    				char* _t242;
                                                                                                                                                                                                    				char* _t243;
                                                                                                                                                                                                    				intOrPtr* _t244;
                                                                                                                                                                                                    				void* _t245;
                                                                                                                                                                                                    				intOrPtr* _t246;
                                                                                                                                                                                                    				char* _t247;
                                                                                                                                                                                                    				void* _t248;
                                                                                                                                                                                                    				char* _t250;
                                                                                                                                                                                                    				void* _t251;
                                                                                                                                                                                                    				char* _t252;
                                                                                                                                                                                                    				char* _t253;
                                                                                                                                                                                                    				char* _t254;
                                                                                                                                                                                                    				char* _t255;
                                                                                                                                                                                                    				long long _t258;
                                                                                                                                                                                                    				intOrPtr* _t260;
                                                                                                                                                                                                    				void* _t261;
                                                                                                                                                                                                    				char* _t268;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    				void* _t271;
                                                                                                                                                                                                    				void* _t275;
                                                                                                                                                                                                    				unsigned int* _t276;
                                                                                                                                                                                                    				long long _t278;
                                                                                                                                                                                                    				intOrPtr* _t279;
                                                                                                                                                                                                    				void* _t281;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t271 = __r11;
                                                                                                                                                                                                    				_t270 = __r10;
                                                                                                                                                                                                    				_t263 = __r8;
                                                                                                                                                                                                    				_t257 = __rsi;
                                                                                                                                                                                                    				_t176 = _t260;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x10)) = _t258;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x18)) = __rdi;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x20)) = __r12;
                                                                                                                                                                                                    				_t261 = _t260 - 0x50;
                                                                                                                                                                                                    				_t242 = __rdx;
                                                                                                                                                                                                    				_t276 = __rcx;
                                                                                                                                                                                                    				_t209 = __r8;
                                                                                                                                                                                                    				r15d = 0x3ff;
                                                                                                                                                                                                    				r12d = 0x30;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(_t176, _t176 - 0x38,  *((intOrPtr*)(_t261 + 0x98)));
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t138 =  <  ? r14d : r9d;
                                                                                                                                                                                                    				if (__rdx != _t278) goto 0x2801ab4b;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t176);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t176 = __r12 - 0x1a;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x20)) = _t278;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t176, __r8, _t176 - 0x38,  *((intOrPtr*)(_t261 + 0x98)), __rsi, _t258, __r8, _t281, _t278);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0x2801ab44;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2801aec6;
                                                                                                                                                                                                    				if (_t209 - _t278 > 0) goto 0x2801ab85;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t176);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t176 = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x20)) = _t278;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t176, _t209,  *((intOrPtr*)(_t261 + 0x40)),  *((intOrPtr*)(_t261 + 0x98)), _t257, _t258, _t263);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0x2801ab44;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2801ab44;
                                                                                                                                                                                                    				 *_t242 = r14b;
                                                                                                                                                                                                    				_t215 = _t258 + 0xb;
                                                                                                                                                                                                    				if (_t209 - _t215 > 0) goto 0x2801aba2;
                                                                                                                                                                                                    				E00007FF77FF7280078AC( *((intOrPtr*)(_t261 + 0x40)));
                                                                                                                                                                                                    				goto 0x2801ab1b;
                                                                                                                                                                                                    				_t180 =  *_t276 >> 0x00000034 & _t215;
                                                                                                                                                                                                    				if (_t180 != _t215) goto 0x2801ac56;
                                                                                                                                                                                                    				_t20 = _t242 + 2; // 0x401
                                                                                                                                                                                                    				_t230 = _t20;
                                                                                                                                                                                                    				r9d = _t138;
                                                                                                                                                                                                    				_t265 =  ==  ? _t209 : _t209 - 2;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x28)) = _t278;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t261 + 0x20)) = r14d;
                                                                                                                                                                                                    				if (E00007FF77FF72801A9B0(0x22, _t276, _t230, _t258,  ==  ? _t209 : _t209 - 2, _t275) == r14d) goto 0x2801ac04;
                                                                                                                                                                                                    				 *_t242 = r14b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0x2801aec6;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2801aec6;
                                                                                                                                                                                                    				if ( *((char*)(_t242 + 2)) != 0x2d) goto 0x2801ac10;
                                                                                                                                                                                                    				 *_t242 = 0x2d;
                                                                                                                                                                                                    				_t243 = _t242 + 1;
                                                                                                                                                                                                    				 *_t243 = 0x30;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				 *((char*)(_t243 + 1)) = 0x158;
                                                                                                                                                                                                    				_t30 = _t243 + 2; // 0x402
                                                                                                                                                                                                    				E00007FF77FF72801B3A4(0x65, _t30,  ==  ? _t209 : _t209 - 2);
                                                                                                                                                                                                    				if (_t180 == _t278) goto 0x2801ac4c;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				 *_t180 = 0xb0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 3)) = r14b;
                                                                                                                                                                                                    				goto 0x2801aeb6;
                                                                                                                                                                                                    				if (( *_t276 & 0x00000000) == 0) goto 0x2801ac6c;
                                                                                                                                                                                                    				 *_t243 = 0x2d;
                                                                                                                                                                                                    				_t244 = _t243 + 1;
                                                                                                                                                                                                    				r9d =  *(_t261 + 0x90);
                                                                                                                                                                                                    				r11d = 0x30;
                                                                                                                                                                                                    				 *_t244 = r11b;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				 *((char*)(_t244 + 1)) = 0x118;
                                                                                                                                                                                                    				if (( *_t276 & 0x00000000) != 0) goto 0x2801acd2;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t244 + 2)) = r11b;
                                                                                                                                                                                                    				_t245 = _t244 + 3;
                                                                                                                                                                                                    				asm("dec ebp");
                                                                                                                                                                                                    				r15d = r15d & 0x000003fe;
                                                                                                                                                                                                    				goto 0x2801acda;
                                                                                                                                                                                                    				 *((char*)(_t245 + 2)) = 0x31;
                                                                                                                                                                                                    				_t246 = _t245 + 3;
                                                                                                                                                                                                    				r10d = 0;
                                                                                                                                                                                                    				_t279 = _t246;
                                                                                                                                                                                                    				_t247 = _t246 + 1;
                                                                                                                                                                                                    				if (_t138 != r10d) goto 0x2801aced;
                                                                                                                                                                                                    				 *_t279 = r10b;
                                                                                                                                                                                                    				goto 0x2801ad01;
                                                                                                                                                                                                    				 *_t279 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x30)) + 0x128))))));
                                                                                                                                                                                                    				if (( *_t276 & 0xffffffff) <= 0) goto 0x2801ad9b;
                                                                                                                                                                                                    				if (_t138 - r10d <= 0) goto 0x2801ad4d;
                                                                                                                                                                                                    				_t93 =  ~r9d + r11w;
                                                                                                                                                                                                    				if (_t93 - 0x39 <= 0) goto 0x2801ad37;
                                                                                                                                                                                                    				_t94 = _t93 + 0xffffffff00000087;
                                                                                                                                                                                                    				r12w = r12w + 0xfffc;
                                                                                                                                                                                                    				 *_t247 = _t94;
                                                                                                                                                                                                    				_t248 = _t247 + 1;
                                                                                                                                                                                                    				_t139 = _t138 - 1;
                                                                                                                                                                                                    				if (r12w - r10w >= 0) goto 0x2801ad15;
                                                                                                                                                                                                    				if (r12w - r10w < 0) goto 0x2801ad9b;
                                                                                                                                                                                                    				if (_t94 - 8 <= 0) goto 0x2801ad9b;
                                                                                                                                                                                                    				_t45 = _t248 - 1; // 0x3fc
                                                                                                                                                                                                    				_t196 = _t45;
                                                                                                                                                                                                    				if ( *_t196 == 0x66) goto 0x2801ad77;
                                                                                                                                                                                                    				if ( *_t196 != 0x46) goto 0x2801ad7f;
                                                                                                                                                                                                    				 *_t196 = r11b;
                                                                                                                                                                                                    				_t197 = _t196 - 1;
                                                                                                                                                                                                    				goto 0x2801ad6d;
                                                                                                                                                                                                    				if (_t197 == _t279) goto 0x2801ad98;
                                                                                                                                                                                                    				_t123 =  *_t197;
                                                                                                                                                                                                    				if (_t123 != 0x39) goto 0x2801ad92;
                                                                                                                                                                                                    				 *_t197 = 0xffffffff000000c1;
                                                                                                                                                                                                    				goto 0x2801ad9b;
                                                                                                                                                                                                    				_t124 = _t123 + 1;
                                                                                                                                                                                                    				 *_t197 = _t124;
                                                                                                                                                                                                    				goto 0x2801ad9b;
                                                                                                                                                                                                    				 *((char*)(_t197 - 1)) =  *((char*)(_t197 - 1)) + 1;
                                                                                                                                                                                                    				if (_t139 - r10d <= 0) goto 0x2801adc2;
                                                                                                                                                                                                    				r8d = _t139;
                                                                                                                                                                                                    				_t95 = E00007FF77FF72800B240(_t94, _t124, r11b, _t248, _t230, 0 >> 4);
                                                                                                                                                                                                    				r9d =  *(_t261 + 0x90);
                                                                                                                                                                                                    				r10d = 0;
                                                                                                                                                                                                    				_t49 = _t270 + 0x30; // 0x30
                                                                                                                                                                                                    				r11d = _t49;
                                                                                                                                                                                                    				_t250 =  ==  ? _t279 : _t248 + 0xffffffff;
                                                                                                                                                                                                    				r9d =  ~r9d;
                                                                                                                                                                                                    				asm("sbb al, al");
                                                                                                                                                                                                    				 *_t250 = (_t95 & 0x000000e0) + 0x70;
                                                                                                                                                                                                    				if ( *_t279 - r10b < 0) goto 0x2801adf1;
                                                                                                                                                                                                    				 *((char*)(_t250 + 1)) = 0x2b;
                                                                                                                                                                                                    				_t251 = _t250 + 2;
                                                                                                                                                                                                    				goto 0x2801adfc;
                                                                                                                                                                                                    				 *((char*)(_t251 + 1)) = 0x2d;
                                                                                                                                                                                                    				_t252 = _t251 + 2;
                                                                                                                                                                                                    				_t224 =  ~(( *_t276 >> 0x34) - _t281);
                                                                                                                                                                                                    				_t268 = _t252;
                                                                                                                                                                                                    				 *_t252 = r11b;
                                                                                                                                                                                                    				if (_t224 - 0x3e8 < 0) goto 0x2801ae3e;
                                                                                                                                                                                                    				_t232 = (_t230 >> 7) + (_t230 >> 7 >> 0x3f);
                                                                                                                                                                                                    				_t233 = _t232 * 0xfffffc18;
                                                                                                                                                                                                    				 *_t252 = _t271 + _t232;
                                                                                                                                                                                                    				_t253 = _t252 + 1;
                                                                                                                                                                                                    				_t225 = _t224 + _t233;
                                                                                                                                                                                                    				if (_t253 != _t268) goto 0x2801ae44;
                                                                                                                                                                                                    				if (_t225 - 0x64 < 0) goto 0x2801ae72;
                                                                                                                                                                                                    				_t236 = (_t233 + _t225 >> 6) + (_t233 + _t225 >> 6 >> 0x3f);
                                                                                                                                                                                                    				_t237 = _t236 * 0xffffff9c;
                                                                                                                                                                                                    				 *_t253 = _t271 + _t236;
                                                                                                                                                                                                    				_t254 = _t253 + 1;
                                                                                                                                                                                                    				if (_t254 != _t268) goto 0x2801ae7d;
                                                                                                                                                                                                    				if (_t225 + _t237 - 0xa < 0) goto 0x2801aea8;
                                                                                                                                                                                                    				 *_t254 = _t271 + (_t237 >> 2) + (_t237 >> 2 >> 0x3f);
                                                                                                                                                                                                    				_t255 = _t254 + 1;
                                                                                                                                                                                                    				 *_t255 = (_t124 & 0x000007ff) + r11b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t255 + 1)) = r10b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r10b) goto 0x2801aec4;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff72801ac17
                                                                                                                                                                                                    0x7ff72801ac23
                                                                                                                                                                                                    0x7ff72801ac2b
                                                                                                                                                                                                    0x7ff72801ac2e
                                                                                                                                                                                                    0x7ff72801ac32
                                                                                                                                                                                                    0x7ff72801ac3a
                                                                                                                                                                                                    0x7ff72801ac3e
                                                                                                                                                                                                    0x7ff72801ac46
                                                                                                                                                                                                    0x7ff72801ac48
                                                                                                                                                                                                    0x7ff72801ac51
                                                                                                                                                                                                    0x7ff72801ac64
                                                                                                                                                                                                    0x7ff72801ac66
                                                                                                                                                                                                    0x7ff72801ac69
                                                                                                                                                                                                    0x7ff72801ac6c
                                                                                                                                                                                                    0x7ff72801ac74
                                                                                                                                                                                                    0x7ff72801ac87
                                                                                                                                                                                                    0x7ff72801ac8f
                                                                                                                                                                                                    0x7ff72801aca3
                                                                                                                                                                                                    0x7ff72801aca5
                                                                                                                                                                                                    0x7ff72801acb2
                                                                                                                                                                                                    0x7ff72801acb4
                                                                                                                                                                                                    0x7ff72801acbc
                                                                                                                                                                                                    0x7ff72801acc6
                                                                                                                                                                                                    0x7ff72801acc9
                                                                                                                                                                                                    0x7ff72801acd0
                                                                                                                                                                                                    0x7ff72801acd2
                                                                                                                                                                                                    0x7ff72801acd6
                                                                                                                                                                                                    0x7ff72801acda
                                                                                                                                                                                                    0x7ff72801acdd
                                                                                                                                                                                                    0x7ff72801ace0
                                                                                                                                                                                                    0x7ff72801ace6
                                                                                                                                                                                                    0x7ff72801ace8
                                                                                                                                                                                                    0x7ff72801aceb
                                                                                                                                                                                                    0x7ff72801acfe
                                                                                                                                                                                                    0x7ff72801ad05
                                                                                                                                                                                                    0x7ff72801ad18
                                                                                                                                                                                                    0x7ff72801ad2a
                                                                                                                                                                                                    0x7ff72801ad32
                                                                                                                                                                                                    0x7ff72801ad34
                                                                                                                                                                                                    0x7ff72801ad37
                                                                                                                                                                                                    0x7ff72801ad3c
                                                                                                                                                                                                    0x7ff72801ad42
                                                                                                                                                                                                    0x7ff72801ad45
                                                                                                                                                                                                    0x7ff72801ad4b
                                                                                                                                                                                                    0x7ff72801ad51
                                                                                                                                                                                                    0x7ff72801ad67
                                                                                                                                                                                                    0x7ff72801ad69
                                                                                                                                                                                                    0x7ff72801ad69
                                                                                                                                                                                                    0x7ff72801ad70
                                                                                                                                                                                                    0x7ff72801ad75
                                                                                                                                                                                                    0x7ff72801ad77
                                                                                                                                                                                                    0x7ff72801ad7a
                                                                                                                                                                                                    0x7ff72801ad7d
                                                                                                                                                                                                    0x7ff72801ad82
                                                                                                                                                                                                    0x7ff72801ad84
                                                                                                                                                                                                    0x7ff72801ad89
                                                                                                                                                                                                    0x7ff72801ad8e
                                                                                                                                                                                                    0x7ff72801ad90
                                                                                                                                                                                                    0x7ff72801ad92
                                                                                                                                                                                                    0x7ff72801ad94
                                                                                                                                                                                                    0x7ff72801ad96
                                                                                                                                                                                                    0x7ff72801ad98
                                                                                                                                                                                                    0x7ff72801ad9e
                                                                                                                                                                                                    0x7ff72801ada0
                                                                                                                                                                                                    0x7ff72801adab
                                                                                                                                                                                                    0x7ff72801adb0
                                                                                                                                                                                                    0x7ff72801adbb
                                                                                                                                                                                                    0x7ff72801adbe
                                                                                                                                                                                                    0x7ff72801adbe
                                                                                                                                                                                                    0x7ff72801adc5
                                                                                                                                                                                                    0x7ff72801adc9
                                                                                                                                                                                                    0x7ff72801adcc
                                                                                                                                                                                                    0x7ff72801add2
                                                                                                                                                                                                    0x7ff72801ade5
                                                                                                                                                                                                    0x7ff72801ade7
                                                                                                                                                                                                    0x7ff72801adeb
                                                                                                                                                                                                    0x7ff72801adef
                                                                                                                                                                                                    0x7ff72801adf1
                                                                                                                                                                                                    0x7ff72801adf5
                                                                                                                                                                                                    0x7ff72801adf9
                                                                                                                                                                                                    0x7ff72801ae03
                                                                                                                                                                                                    0x7ff72801ae06
                                                                                                                                                                                                    0x7ff72801ae09
                                                                                                                                                                                                    0x7ff72801ae23
                                                                                                                                                                                                    0x7ff72801ae2a
                                                                                                                                                                                                    0x7ff72801ae31
                                                                                                                                                                                                    0x7ff72801ae33
                                                                                                                                                                                                    0x7ff72801ae36
                                                                                                                                                                                                    0x7ff72801ae3c
                                                                                                                                                                                                    0x7ff72801ae42
                                                                                                                                                                                                    0x7ff72801ae5f
                                                                                                                                                                                                    0x7ff72801ae66
                                                                                                                                                                                                    0x7ff72801ae6a
                                                                                                                                                                                                    0x7ff72801ae6c
                                                                                                                                                                                                    0x7ff72801ae75
                                                                                                                                                                                                    0x7ff72801ae7b
                                                                                                                                                                                                    0x7ff72801aea0
                                                                                                                                                                                                    0x7ff72801aea2
                                                                                                                                                                                                    0x7ff72801aeb0
                                                                                                                                                                                                    0x7ff72801aeb2
                                                                                                                                                                                                    0x7ff72801aeb6
                                                                                                                                                                                                    0x7ff72801aebd
                                                                                                                                                                                                    0x7ff72801aee4

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer_getptd
                                                                                                                                                                                                    • String ID: 0$gfffffff
                                                                                                                                                                                                    • API String ID: 2834218312-1804767287
                                                                                                                                                                                                    • Opcode ID: 5e0a4473535deda9db7320d224ec572da4a58290ec71d1521485fd4c5be27886
                                                                                                                                                                                                    • Instruction ID: bac17d8db71d2970bf6f487b033dec08785ffdea529df5f763fc4b9a13edc7d2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e0a4473535deda9db7320d224ec572da4a58290ec71d1521485fd4c5be27886
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12B16C62B087C647E7319B2A9D4036DFB95EB117A0F849132DB5D077D6EA3EE420CB24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF77FF728013A4C(void* __ebx, void* __ecx, long long __rbx, char* __rcx, void* __rdx, void* __r9, long long _a24) {
                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                    				char _v24;
                                                                                                                                                                                                    				signed long long _t25;
                                                                                                                                                                                                    				signed long long _t26;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t44 = __r9;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t25 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t26 = _t25 ^ _t40 - 0x00000030;
                                                                                                                                                                                                    				_v16 = _t26;
                                                                                                                                                                                                    				if (__rcx == 0) goto 0x28013ad6;
                                                                                                                                                                                                    				if ( *__rcx == 0) goto 0x28013ad6;
                                                                                                                                                                                                    				if (E00007FF77FF72800BBE0(__ecx, __rcx, 0x28032ac8) == 0) goto 0x28013ad6;
                                                                                                                                                                                                    				if (E00007FF77FF72800BBE0(__ecx, __rcx, 0x28032ac4) != 0) goto 0x28013ab6;
                                                                                                                                                                                                    				_t4 = _t26 + 8; // 0x8
                                                                                                                                                                                                    				r9d = _t4;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0x28013af3;
                                                                                                                                                                                                    				E00007FF77FF728004984(_t26, 0x28032ac4);
                                                                                                                                                                                                    				return E00007FF77FF728004050( *((intOrPtr*)(__rdx + 0x24)), _v16 ^ _t40 - 0x00000030, 0x28032ac4,  &_v24, _t44);
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF7280142E0,?,?,?,?,00000000,00007FF728008850), ref: 00007FF728013AA7
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF7280142E0,?,?,?,?,00000000,00007FF728008850), ref: 00007FF728013AE9
                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,00000000,00007FF7280142E0,?,?,?,?,00000000,00007FF728008850), ref: 00007FF728013B0C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                    • Opcode ID: 05857ef6789c705f425dab733761c92d82b1b5cb51473c9fdfa44ed524b23ad1
                                                                                                                                                                                                    • Instruction ID: 699d033feeb82cd52d421b0a4e55d8750d47f940565a36bd649634e3a2c56b80
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05857ef6789c705f425dab733761c92d82b1b5cb51473c9fdfa44ed524b23ad1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9215C21B0854782FA30BB21ED111B9E3A0FF48794FC95032DA4D825E5EE6EE5048F28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF77FF728006F3C(intOrPtr* __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int __r9, long long _a8, long long _a16, long long _a24, signed long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				long long* _t71;
                                                                                                                                                                                                    				long long _t79;
                                                                                                                                                                                                    				signed long long _t82;
                                                                                                                                                                                                    				long long _t92;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t88 = __r8;
                                                                                                                                                                                                    				_t84 = __rbp;
                                                                                                                                                                                                    				_t78 = __rdx;
                                                                                                                                                                                                    				_t73 = __rcx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t71 = __rcx;
                                                                                                                                                                                                    				if ((0 | __rcx != _t79) != 0) goto 0x28006f95;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rcx, __rcx, __rdx, __r9, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28007093;
                                                                                                                                                                                                    				if (r8d == 4) goto 0x28006fcd;
                                                                                                                                                                                                    				if (r8d == 0) goto 0x28006fcd;
                                                                                                                                                                                                    				if (r8d == 0x40) goto 0x28006fcd;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, _t71, _t73, _t78, __r9, _t84, _t88);
                                                                                                                                                                                                    				goto 0x28007093;
                                                                                                                                                                                                    				if (r8d == 0) goto 0x28006fd8;
                                                                                                                                                                                                    				if (r8d != 0x40) goto 0x2800700b;
                                                                                                                                                                                                    				_t69 = __r9 - 2;
                                                                                                                                                                                                    				if (_t69 - 0x7ffffffd <= 0) goto 0x2800700b;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t35 = E00007FF77FF728004430(_t69, _t71, _t73, _t78, __r9, _t84, _t88);
                                                                                                                                                                                                    				goto 0x28007093;
                                                                                                                                                                                                    				_t82 = __r9 & 0xfffffffe;
                                                                                                                                                                                                    				E00007FF77FF72800B4D0(_t35 | 0xffffffff, _t73);
                                                                                                                                                                                                    				E00007FF77FF728006BCC(_t71, _t71, _t82);
                                                                                                                                                                                                    				E00007FF77FF728011B24(_t69, _t71);
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) & 0xffffc2f3;
                                                                                                                                                                                                    				if ((r12b & 0x00000004) == 0) goto 0x2800704b;
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) | 0x00000004;
                                                                                                                                                                                                    				_a32 = _t82;
                                                                                                                                                                                                    				goto 0x2800707c;
                                                                                                                                                                                                    				if (_t71 + 0x20 != _t79) goto 0x28007074;
                                                                                                                                                                                                    				_t42 = E00007FF77FF72800A574(_t55, _t69, _t71, _t82, _t82, _t84);
                                                                                                                                                                                                    				_t92 = _t69;
                                                                                                                                                                                                    				if (_t69 != _t79) goto 0x2800706b;
                                                                                                                                                                                                    				 *0x280430c8 =  *0x280430c8 + 1;
                                                                                                                                                                                                    				goto 0x28007089;
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) | 0x00000408;
                                                                                                                                                                                                    				goto 0x2800707c;
                                                                                                                                                                                                    				 *(_t71 + 0x18) = _t42 | 0x00000500;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t71 + 0x24)) = 2;
                                                                                                                                                                                                    				 *((long long*)(_t71 + 0x10)) = _t92;
                                                                                                                                                                                                    				 *_t71 = _t92;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t71 + 8)) = 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF72800B560(_t42 | 0x00000500, _t71);
                                                                                                                                                                                                    				return 0xffffffff;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    0x7ff728006fb9
                                                                                                                                                                                                    0x7ff728006fc0
                                                                                                                                                                                                    0x7ff728006fc8
                                                                                                                                                                                                    0x7ff728006fd0
                                                                                                                                                                                                    0x7ff728006fd6
                                                                                                                                                                                                    0x7ff728006fd8
                                                                                                                                                                                                    0x7ff728006fe2
                                                                                                                                                                                                    0x7ff728006fe4
                                                                                                                                                                                                    0x7ff728006fe9
                                                                                                                                                                                                    0x7ff728006fef
                                                                                                                                                                                                    0x7ff728006ff4
                                                                                                                                                                                                    0x7ff728006ff7
                                                                                                                                                                                                    0x7ff728006ffe
                                                                                                                                                                                                    0x7ff728007006
                                                                                                                                                                                                    0x7ff72800700b
                                                                                                                                                                                                    0x7ff72800700f
                                                                                                                                                                                                    0x7ff728007018
                                                                                                                                                                                                    0x7ff728007020
                                                                                                                                                                                                    0x7ff728007025
                                                                                                                                                                                                    0x7ff728007033
                                                                                                                                                                                                    0x7ff728007038
                                                                                                                                                                                                    0x7ff728007044
                                                                                                                                                                                                    0x7ff728007049
                                                                                                                                                                                                    0x7ff72800704e
                                                                                                                                                                                                    0x7ff728007053
                                                                                                                                                                                                    0x7ff728007058
                                                                                                                                                                                                    0x7ff72800705e
                                                                                                                                                                                                    0x7ff728007060
                                                                                                                                                                                                    0x7ff728007069
                                                                                                                                                                                                    0x7ff72800706b
                                                                                                                                                                                                    0x7ff728007072
                                                                                                                                                                                                    0x7ff728007079
                                                                                                                                                                                                    0x7ff72800707c
                                                                                                                                                                                                    0x7ff72800707f
                                                                                                                                                                                                    0x7ff728007083
                                                                                                                                                                                                    0x7ff728007086
                                                                                                                                                                                                    0x7ff72800708c
                                                                                                                                                                                                    0x7ff7280070a6

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2310398763-0
                                                                                                                                                                                                    • Opcode ID: c827abf252cecc7df5f4a5742bc49cb4568c02ee89e71d0df796e521da3256ab
                                                                                                                                                                                                    • Instruction ID: 6a34dcee7c0c71bc965e2b707daf374d0d9f5e6003d02aa516c6f74feea3822c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c827abf252cecc7df5f4a5742bc49cb4568c02ee89e71d0df796e521da3256ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5241D072E1861281F334AF25AD0163AF291EF80764FA40333DA7946AD5CE7FE4408E68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF77FF728013CEC(void* __ecx, void* __edx, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r9, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                                                    				signed int _t85;
                                                                                                                                                                                                    				void* _t105;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				signed long long _t132;
                                                                                                                                                                                                    				signed long long _t155;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t167 = __r9;
                                                                                                                                                                                                    				_t157 = __rbp;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rbp;
                                                                                                                                                                                                    				_t131 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t132 = _t131 ^ _t159 - 0x000000b0;
                                                                                                                                                                                                    				_v24 = _t132;
                                                                                                                                                                                                    				_t134 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t132);
                                                                                                                                                                                                    				_t155 = _t132;
                                                                                                                                                                                                    				_t58 = E00007FF77FF728013B14(__rcx, __rdx, __r9);
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				_t85 = _t58;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) != 0) goto 0x28013d64;
                                                                                                                                                                                                    				 *(_t155 + 0x150) = 0;
                                                                                                                                                                                                    				goto 0x28013f59;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x148)),  &_v152, _t156, __rbp,  &_v152, __r9) != 0) goto 0x28013e5c;
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0x28013d54;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, __rbp,  &_v152, __r9) != 0) goto 0x28013dd4;
                                                                                                                                                                                                    				 *(_t155 + 0x150) =  *(_t155 + 0x150) | 0x00000304;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				goto 0x28013e56;
                                                                                                                                                                                                    				if (( *(_t155 + 0x150) & 0x00000002) != 0) goto 0x28013e5c;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0x28013e2a;
                                                                                                                                                                                                    				if (E00007FF77FF728015DF0(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, __rbp,  *((intOrPtr*)(_t155 + 0x154)), __r9) != 0) goto 0x28013e2a;
                                                                                                                                                                                                    				 *(_t155 + 0x150) =  *(_t155 + 0x150) | 0x00000002;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x164)) = _t85;
                                                                                                                                                                                                    				if (E00007FF77FF7280070C0(_t66,  *((intOrPtr*)(_t155 + 0x140))) !=  *((intOrPtr*)(_t155 + 0x154))) goto 0x28013e5c;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				goto 0x28013e5c;
                                                                                                                                                                                                    				_t68 =  *(_t155 + 0x150);
                                                                                                                                                                                                    				if ((_t68 & 0x00000001) != 0) goto 0x28013e5c;
                                                                                                                                                                                                    				if (_t85 ==  *0x28032ab0) goto 0x28013e5c;
                                                                                                                                                                                                    				if (1 - 0xa < 0) goto 0x28013e3d;
                                                                                                                                                                                                    				 *(_t155 + 0x150) = _t68 | 0x00000001;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x164)) = _t85;
                                                                                                                                                                                                    				if (( *(_t155 + 0x150) & 0x00000300) == 0x300) goto 0x28013f4b;
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0x28013d54;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t105, _t132, _t134,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, _t157,  &_v152, _t167) != 0) goto 0x28013efc;
                                                                                                                                                                                                    				asm("bts dword [edi+0x150], 0x9");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x158)) == 0) goto 0x28013ed9;
                                                                                                                                                                                                    				asm("bts eax, 0x8");
                                                                                                                                                                                                    				goto 0x28013f3d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0x28013f35;
                                                                                                                                                                                                    				if (E00007FF77FF7280070C0( *(_t155 + 0x150),  *((intOrPtr*)(_t155 + 0x140))) !=  *((intOrPtr*)(_t155 + 0x154))) goto 0x28013f35;
                                                                                                                                                                                                    				goto 0x28013f23;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x158)) != 0) goto 0x28013f4b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0x28013f4b;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t105, _t132, _t134,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, _t157,  &_v152, _t167) != 0) goto 0x28013f4b;
                                                                                                                                                                                                    				_t49 = _t155 + 0x140; // 0x140
                                                                                                                                                                                                    				if (E00007FF77FF728013C38(_t85, 0, _t134, _t49, _t167) == 0) goto 0x28013f4b;
                                                                                                                                                                                                    				asm("bts dword [edi+0x150], 0x8");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x160)) != 0) goto 0x28013f4b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t85, _v24 ^ _t159 - 0x000000b0,  &_v152, _t49, _t167);
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale$_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1743167714-0
                                                                                                                                                                                                    • Opcode ID: 0bc0ce5ffb63eeeb20c95d733831d935c457454a07d1c7dd2c0a88a1cc289cfb
                                                                                                                                                                                                    • Instruction ID: d8372a2bbfa8a9b988f3bcefe6f1d49e1f713113d98e39025f2fa80a65328572
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bc0ce5ffb63eeeb20c95d733831d935c457454a07d1c7dd2c0a88a1cc289cfb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49617C72B08A8697DA78AB20DD442E9F3A1FB88715F95113BD35D872C0DF3EE4648B14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF77FF7280052E8(void* __edi, void* __esi, intOrPtr* __rax, long long __rbx, signed long long* __rcx, intOrPtr* __rdx, long long __rsi, long long __rbp, signed long long __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                    				intOrPtr* _t79;
                                                                                                                                                                                                    				signed long long _t80;
                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                    				long long* _t84;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				signed long long _t93;
                                                                                                                                                                                                    				signed long long* _t95;
                                                                                                                                                                                                    				long long _t103;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t97 = __rbp;
                                                                                                                                                                                                    				_t90 = __rdx;
                                                                                                                                                                                                    				_t84 = __rcx;
                                                                                                                                                                                                    				_t77 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t93 = __r8;
                                                                                                                                                                                                    				_t82 = __rdx;
                                                                                                                                                                                                    				_t95 = __rcx;
                                                                                                                                                                                                    				if (__rdx != _t109) goto 0x2800531e;
                                                                                                                                                                                                    				if (__r8 == _t109) goto 0x2800534e;
                                                                                                                                                                                                    				goto 0x28005323;
                                                                                                                                                                                                    				if (__r8 - _t109 > 0) goto 0x2800534a;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rdx, __rcx, __rdx, __rcx, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x2800547a;
                                                                                                                                                                                                    				 *_t90 = r14w;
                                                                                                                                                                                                    				if (_t84 == _t109) goto 0x28005356;
                                                                                                                                                                                                    				 *_t84 = _t109;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(__rax,  &_v56, _a48);
                                                                                                                                                                                                    				_t103 = _a40;
                                                                                                                                                                                                    				_t104 =  >  ? _t93 : _t103;
                                                                                                                                                                                                    				_t65 = ( >  ? _t93 : _t103) - 0x7fffffff;
                                                                                                                                                                                                    				if (( >  ? _t93 : _t103) - 0x7fffffff <= 0) goto 0x280053b5;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t77);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t77 = 0x16;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t77, _t82,  &_v56, _a48, _t95, _t97,  >  ? _t93 : _t103);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0x28005343;
                                                                                                                                                                                                    				_t78 = _v40;
                                                                                                                                                                                                    				 *(_t78 + 0xc8) =  *(_t78 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x28005343;
                                                                                                                                                                                                    				E00007FF77FF7280050E0(__edi, __esi, r14d, _t82, _t82, __r9, _t93, _t95,  >  ? _t93 : _t103,  &_v56);
                                                                                                                                                                                                    				if (_t78 != 0xffffffff) goto 0x280053f7;
                                                                                                                                                                                                    				if (_t82 == _t109) goto 0x280053d4;
                                                                                                                                                                                                    				 *_t82 = r14w;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t78);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0x2800547a;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2800547a;
                                                                                                                                                                                                    				_t79 = _t78 + 1;
                                                                                                                                                                                                    				if (_t82 == _t109) goto 0x2800545d;
                                                                                                                                                                                                    				if (_t79 - _t93 <= 0) goto 0x28005457;
                                                                                                                                                                                                    				if (_a40 == 0xffffffff) goto 0x2800544f;
                                                                                                                                                                                                    				 *_t82 = r14w;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t79);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t79 = 0x22;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t79, _t82, _v40, __r9, _t95, _t97,  >  ? _t93 : _t103);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0x28005343;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x28005343;
                                                                                                                                                                                                    				_t80 = _t93;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t82 + _t80 * 2 - 2)) = r14w;
                                                                                                                                                                                                    				if (_t95 == _t109) goto 0x28005465;
                                                                                                                                                                                                    				 *_t95 = _t80;
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0x28005478;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0x50;
                                                                                                                                                                                                    			}





















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2310398763-0
                                                                                                                                                                                                    • Opcode ID: 969b6b03ac756c984ef9ddfa99fd8f5d4939811ed42fda2eef39814d5a7e2c3c
                                                                                                                                                                                                    • Instruction ID: 539d1927761b1db4e040d6ffcac46b0e37162530e1932b952258137360a03e4a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 969b6b03ac756c984ef9ddfa99fd8f5d4939811ed42fda2eef39814d5a7e2c3c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56419532A0C68241E770AF25AC4167EF660FB457A4F944232EBBC276D5CE7ED4418F19
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                                                                                    			E00007FF77FF728007DC8(void* __rax) {
                                                                                                                                                                                                    				long long _v0;
                                                                                                                                                                                                    				char _v1240;
                                                                                                                                                                                                    				long long _v1384;
                                                                                                                                                                                                    				char _v1400;
                                                                                                                                                                                                    				long long _v1408;
                                                                                                                                                                                                    				long long _v1416;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				signed int _t22;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t33 = __rax;
                                                                                                                                                                                                    				if (( *0x280403f0 & 0x00000001) == 0) goto 0x28007de2;
                                                                                                                                                                                                    				E00007FF77FF72800BD28(0xa, _t37, _t43, _t44, _t45, _t49, _t50);
                                                                                                                                                                                                    				E00007FF77FF7280101A8(0xa,  *0x280403f0 & 0x00000001, _t33, _t37, _t42, _t44, _t45, _t48);
                                                                                                                                                                                                    				if (_t33 == 0) goto 0x28007df6;
                                                                                                                                                                                                    				_t17 = E00007FF77FF7280101B4(0x16, _t33, _t33, _t37, _t38, _t42, _t44, _t45, _t48);
                                                                                                                                                                                                    				if (( *0x280403f0 & 0x00000002) == 0) goto 0x28007e5e;
                                                                                                                                                                                                    				__imp__RtlCaptureContext();
                                                                                                                                                                                                    				r8d = 0x98;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_t17, 0x16, 0,  &_v1400, _t42, _t48);
                                                                                                                                                                                                    				_v1384 = _v0;
                                                                                                                                                                                                    				_v1400 = 0x40000015;
                                                                                                                                                                                                    				_v1416 =  &_v1400;
                                                                                                                                                                                                    				_v1408 =  &_v1240;
                                                                                                                                                                                                    				SetUnhandledExceptionFilter(??);
                                                                                                                                                                                                    				UnhandledExceptionFilter(??);
                                                                                                                                                                                                    				E00007FF77FF7280058E4( &_v1240, _t42, _t48);
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				_t22 =  *0x280403f0; // 0x3
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				r8d =  !r8d;
                                                                                                                                                                                                    				r8d = r8d & _t22;
                                                                                                                                                                                                    				r8d = r8d;
                                                                                                                                                                                                    				 *0x280403f0 = r8d;
                                                                                                                                                                                                    				return _t22;
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlCaptureContext.KERNEL32 ref: 00007FF728007E07
                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF728007E4D
                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32 ref: 00007FF728007E58
                                                                                                                                                                                                      • Part of subcall function 00007FF72800BD28: GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF72800BF84,?,?,?,?,00007FF7280048E5,?,?,00000000,00007FF72800A598), ref: 00007FF72800BDEB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextFileModuleName
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2731829486-0
                                                                                                                                                                                                    • Opcode ID: debd26cd0c4cef6c731ff63eb1ad758df596568ae4c31ee477f4fbe37bc1369f
                                                                                                                                                                                                    • Instruction ID: 62fcb28148fead5ae5c5acb94821bcf0e7de80bd846f6c89e9b8dd0776e9be97
                                                                                                                                                                                                    • Opcode Fuzzy Hash: debd26cd0c4cef6c731ff63eb1ad758df596568ae4c31ee477f4fbe37bc1369f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E016121A0DA8686E675BB50EC557BAE3A0FF85304F800137EA9E066D5DF3EE5048F25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                                                                    			E00007FF77FF728013F80(void* __ecx, void* __edx, void* __eflags, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a16) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _t24;
                                                                                                                                                                                                    				signed int _t25;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				signed long long _t56;
                                                                                                                                                                                                    				signed long long _t57;
                                                                                                                                                                                                    				signed long long _t70;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t78 = __r9;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_t56 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t57 = _t56 ^ _t73 - 0x000000b0;
                                                                                                                                                                                                    				_v24 = _t57;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t57);
                                                                                                                                                                                                    				_t70 = _t57;
                                                                                                                                                                                                    				_t24 = E00007FF77FF728013B14(__rcx, __rdx, __r9);
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				_t35 = _t24;
                                                                                                                                                                                                    				_t25 = GetLocaleInfoA(??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t25 != 0) goto 0x28013fee;
                                                                                                                                                                                                    				 *(_t70 + 0x150) =  *(_t70 + 0x150) & _t25;
                                                                                                                                                                                                    				goto 0x2801406c;
                                                                                                                                                                                                    				_t27 = E00007FF77FF728015C40(_t46, _t57, __rcx,  *((intOrPtr*)(_t70 + 0x140)),  &_v152, _t71, _t72,  &_v152, __r9);
                                                                                                                                                                                                    				if (_t27 != 0) goto 0x28014010;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t70 + 0x158)) != _t27) goto 0x2801404b;
                                                                                                                                                                                                    				goto 0x28014039;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t70 + 0x158)) != 0) goto 0x2801405e;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t70 + 0x154)) == 0) goto 0x2801405e;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t46, _t57, __rcx,  *((intOrPtr*)(_t70 + 0x140)),  &_v152, _t71, _t72,  &_v152, __r9) != 0) goto 0x2801405e;
                                                                                                                                                                                                    				_t15 = _t70 + 0x140; // 0x140
                                                                                                                                                                                                    				if (E00007FF77FF728013C38(_t35, 0, __rcx, _t15, __r9) == 0) goto 0x2801405e;
                                                                                                                                                                                                    				 *(_t70 + 0x150) =  *(_t70 + 0x150) | 0x00000004;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t70 + 0x160)) = _t35;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t70 + 0x164)) = _t35;
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t35, _v24 ^ _t73 - 0x000000b0,  &_v152, _t15, _t78);
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    0x7ff728014039
                                                                                                                                                                                                    0x7ff728014049
                                                                                                                                                                                                    0x7ff72801404b
                                                                                                                                                                                                    0x7ff728014052
                                                                                                                                                                                                    0x7ff728014058
                                                                                                                                                                                                    0x7ff72801408c

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3731964398-0
                                                                                                                                                                                                    • Opcode ID: 8215a528e03593ee6d7b746b53d1d61c556e40d2f5d1c02d57fb3af718ca9510
                                                                                                                                                                                                    • Instruction ID: 417d2515b7fdb34d13ba7d0d1d61a328c431474bfe2a5367fea196d11f20eae8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8215a528e03593ee6d7b746b53d1d61c556e40d2f5d1c02d57fb3af718ca9510
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4721B632B08A8186EB79AB22DD013E9F391FB84755F849036C75C4B2D0EF3EE4548A14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF77FF728013B50(void* __ecx, void* __edx, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r9, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _t20;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				signed long long _t46;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				signed long long _t60;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_t46 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t47 = _t46 ^ _t64 - 0x000000b0;
                                                                                                                                                                                                    				_v24 = _t47;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t47);
                                                                                                                                                                                                    				_t60 = _t47;
                                                                                                                                                                                                    				_t20 = E00007FF77FF728013B14(__rcx, __rdx, __r9);
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				_t39 = _t20;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) != 0) goto 0x28013bc3;
                                                                                                                                                                                                    				 *(_t60 + 0x150) = 0;
                                                                                                                                                                                                    				goto 0x28013c10;
                                                                                                                                                                                                    				if (E00007FF77FF728015C40(_t38, _t47, __rcx,  *((intOrPtr*)(_t60 + 0x148)),  &_v152, __rsi, _t63,  &_v152, __r9) != 0) goto 0x28013c02;
                                                                                                                                                                                                    				if (_t39 ==  *0x28032ab0) goto 0x28013c02;
                                                                                                                                                                                                    				if (1 - 0xa < 0) goto 0x28013bdf;
                                                                                                                                                                                                    				 *(_t60 + 0x150) =  *(_t60 + 0x150) | 0x00000004;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t60 + 0x164)) = _t39;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t60 + 0x160)) = _t39;
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t20, _v24 ^ _t64 - 0x000000b0,  &_v152,  &_v152, __r9);
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3731964398-0
                                                                                                                                                                                                    • Opcode ID: 3725f289b4d2ea193df2ce5123be0ff46d713da7cc956edd8377e18af458a1f1
                                                                                                                                                                                                    • Instruction ID: c5cd0519a14c3e948b63a44d5c443fb3711c2f7d14ab820a75a2ec8f8d7672b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3725f289b4d2ea193df2ce5123be0ff46d713da7cc956edd8377e18af458a1f1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B218032B08A8186EB38AB20DC457EAF3A1F788744F845136DA5D47784EF3DE515CB54
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                                                    			E00007FF77FF728016130(void* __edx, long long __rbx, long long* __rcx, long long _a8) {
                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				 *__rcx = 0x28033448;
                                                                                                                                                                                                    				_t27 =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                                                                                                    				if (_t27 == 0) goto 0x28016158;
                                                                                                                                                                                                    				_t21 =  *_t27;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t21 + 0x10))();
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x18)) == 0) goto 0x28016179;
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (_t21 == 0) goto 0x28016179;
                                                                                                                                                                                                    				HeapFree(??, ??, ??);
                                                                                                                                                                                                    				if ((dil & 0x00000001) == 0) goto 0x28016187;
                                                                                                                                                                                                    				return E00007FF77FF7280044D8(_t21, __rcx, __rcx, _t30, _t31,  *((intOrPtr*)(__rcx + 0x18)), _t36);
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: abc43507a184f9aad586457a4dc26510dd4a0684112c33de886ce8e42ca2526c
                                                                                                                                                                                                    • Instruction ID: c018e656193cee2bb5c98187a8784403c98de9a05b8b1af43f5ee34af2b3eadb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: abc43507a184f9aad586457a4dc26510dd4a0684112c33de886ce8e42ca2526c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06F06821A05A0285EB69AF96EC45378E360EF88F54F9D4436C92D073D2DE3DD494C754
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF77FF728013C38(signed int __ecx, void* __edx, long long __rbx, intOrPtr* __r8, void* __r9, long long _a16) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				signed int _t23;
                                                                                                                                                                                                    				signed long long _t32;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				intOrPtr* _t43;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t49 = __r9;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_t32 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v40 = _t32 ^ _t44 - 0x000000b0;
                                                                                                                                                                                                    				_t23 = __ecx;
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				_t19 = __ecx & 0x000003ff;
                                                                                                                                                                                                    				_t43 = __r8;
                                                                                                                                                                                                    				_t22 = __edx;
                                                                                                                                                                                                    				asm("bts ecx, 0xa");
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) != 0) goto 0x28013c89;
                                                                                                                                                                                                    				goto 0x28013cc8;
                                                                                                                                                                                                    				if (_t23 == E00007FF77FF728013B14( &_v168, _t42, __r9)) goto 0x28013cc3;
                                                                                                                                                                                                    				if (_t22 == 0) goto 0x28013cc3;
                                                                                                                                                                                                    				_t11 =  *((intOrPtr*)( *_t43));
                                                                                                                                                                                                    				if (_t11 - 0x41 < 0) goto 0x28013cac;
                                                                                                                                                                                                    				if (_t11 - 0x5a <= 0) goto 0x28013cb2;
                                                                                                                                                                                                    				if (_t11 - 0x61 - 0x19 > 0) goto 0x28013cb6;
                                                                                                                                                                                                    				goto 0x28013c9f;
                                                                                                                                                                                                    				if (1 == E00007FF77FF7280070C0(_t11 - 0x61,  *_t43)) goto 0x28013c85;
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t19, _v40 ^ _t44 - 0x000000b0, _t42,  &_v168, _t49);
                                                                                                                                                                                                    			}













                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                    • Opcode ID: 561f16ab229c201782425c5e858161fb2405d6ba09c4687a7d6224523272dac9
                                                                                                                                                                                                    • Instruction ID: 8f691e7b4780af48fbfda460cd094ecc9fc3c9cf01093f7f4f34b28ff59cc760
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 561f16ab229c201782425c5e858161fb2405d6ba09c4687a7d6224523272dac9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0511EB32A0858645EF707724EC503FBE350EB84758FC95533DA4D472C5EE2EE5468B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                                                                    			E00007FF77FF728014090(void* __rax, intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t18;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				int _t21;
                                                                                                                                                                                                    				signed int _t30;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t33 = __rax;
                                                                                                                                                                                                    				_t19 = E00007FF77FF7280070C0(_t18,  *__rcx);
                                                                                                                                                                                                    				 *(__rcx + 0x18) = 0 | _t33 == 0x00000003;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t19,  *((intOrPtr*)(__rcx + 8)));
                                                                                                                                                                                                    				 *(__rcx + 0x20) =  *(__rcx + 0x20) & 0x00000000;
                                                                                                                                                                                                    				_t30 =  *(__rcx + 0x18);
                                                                                                                                                                                                    				 *(__rcx + 0x1c) = 0 | _t33 == 0x00000003;
                                                                                                                                                                                                    				if (_t30 == 0) goto 0x28014104;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx + 0x14)) = 2;
                                                                                                                                                                                                    				_t21 = EnumSystemLocalesA(??, ??);
                                                                                                                                                                                                    				asm("bt dword [ebx+0x10], 0x8");
                                                                                                                                                                                                    				if (_t30 >= 0) goto 0x280140fa;
                                                                                                                                                                                                    				asm("bt dword [ebx+0x10], 0x9");
                                                                                                                                                                                                    				if (_t30 >= 0) goto 0x280140fa;
                                                                                                                                                                                                    				if (( *(__rcx + 0x10) & 0x00000007) != 0) goto 0x280140fe;
                                                                                                                                                                                                    				 *(__rcx + 0x10) =  *(__rcx + 0x10) & 0x00000000;
                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnumSystemLocalesA.KERNEL32(?,?,00000140,00007FF728014262,?,?,?,?,00000000,00007FF728008850), ref: 00007FF7280140E0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                    • Opcode ID: 652e2adc2ef40ec4f417bb9152526422ec59cf4ea67f75d0aec53b619a148058
                                                                                                                                                                                                    • Instruction ID: ed6bc169eaa678995969fd3165d76e888f655d95e9e744d5894a9d1442c509f3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 652e2adc2ef40ec4f417bb9152526422ec59cf4ea67f75d0aec53b619a148058
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D110672E08A018BFB29AF31CC55379E292FB54F19F549432C60D022D5DF7ED594CA98
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                    			E00007FF77FF728014124(void* __rax, intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				int _t13;
                                                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t22 = __rax;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t11,  *__rcx);
                                                                                                                                                                                                    				_t15 = 0 | _t22 == 0x00000003;
                                                                                                                                                                                                    				 *(__rcx + 0x18) = _t15;
                                                                                                                                                                                                    				if (_t15 == 0) goto 0x2801416f;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx + 0x14)) = 2;
                                                                                                                                                                                                    				_t13 = EnumSystemLocalesA(??, ??);
                                                                                                                                                                                                    				if (( *(__rcx + 0x10) & 0x00000004) != 0) goto 0x28014169;
                                                                                                                                                                                                    				 *(__rcx + 0x10) =  *(__rcx + 0x10) & 0x00000000;
                                                                                                                                                                                                    				return _t13;
                                                                                                                                                                                                    			}








                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnumSystemLocalesA.KERNEL32(?,?,00000140,00007FF72801422A,?,?,?,?,00000000,00007FF728008850), ref: 00007FF728014159
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                    • Opcode ID: 3d5422c1ba3494a547b773480a24b884cd67a5761106213dd57e8685c9b22a05
                                                                                                                                                                                                    • Instruction ID: 4690d46e9c8c428a1165485128ff39a44022bef0409d7257dfaa2fd9718c660f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d5422c1ba3494a547b773480a24b884cd67a5761106213dd57e8685c9b22a05
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDF0F962F049064AF738AB31CC113B6E393FBA4B15F98D032C60C022D5DE7ED4918A58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 28%
                                                                                                                                                                                                    			E00007FF77FF728015554(void* __edx, void* __eflags, long long __rbx, void* __rcx, long long __rsi, void* __r9, long long _a8, long long _a16, intOrPtr _a40) {
                                                                                                                                                                                                    				char _v16;
                                                                                                                                                                                                    				intOrPtr _v24;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				int _t12;
                                                                                                                                                                                                    				long long _t21;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rsi;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(_t21,  &_v40, __rcx);
                                                                                                                                                                                                    				r9d = _a40;
                                                                                                                                                                                                    				_t12 = GetLocaleInfoW(??, ??, ??, ??);
                                                                                                                                                                                                    				if (_v16 == 0) goto 0x2801559d;
                                                                                                                                                                                                    				 *(_v24 + 0xc8) =  *(_v24 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return _t12;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3731964398-0
                                                                                                                                                                                                    • Opcode ID: 273c0c3762a87635050a4efb665b572f58bd5e5aebf2acfdd310a93b0c4f2c57
                                                                                                                                                                                                    • Instruction ID: c387ead4021b1d2c587593773eeabbbc7b034b16cffccabe8f15af6982553444
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 273c0c3762a87635050a4efb665b572f58bd5e5aebf2acfdd310a93b0c4f2c57
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9F05422A18BC082D7119B15E84455AE761F7C4BE4F584221EBAD57B99DF2CC8518F44
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                                                                    			E00007FF77FF7280147E8(void* __ebx, signed int __ecx, void* __r9) {
                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                    				char _v18;
                                                                                                                                                                                                    				char _v24;
                                                                                                                                                                                                    				signed long long _t15;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				signed long long _t21;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t15 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v16 = _t15 ^ _t21;
                                                                                                                                                                                                    				r9d = 6;
                                                                                                                                                                                                    				_v18 = 0;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) != 0) goto 0x2801481f;
                                                                                                                                                                                                    				goto 0x28014829;
                                                                                                                                                                                                    				E00007FF77FF728004984(_t15 ^ _t21, _t20);
                                                                                                                                                                                                    				return E00007FF77FF728004050(__ecx, _v16 ^ _t21, _t20,  &_v24, __r9);
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                    • Opcode ID: 9478a0754d96ab441e65dc32299cb2b76fe1b23b54e2c58b5c9fa0f16241b3d4
                                                                                                                                                                                                    • Instruction ID: 5bd74933fc38e92d7cc2a215bb8b66385de8949670b5969aad693f31b782d80c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9478a0754d96ab441e65dc32299cb2b76fe1b23b54e2c58b5c9fa0f16241b3d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAE03021A1C98181F630B721EC113AAE650EF9875CFD04233DA9C566E5DE3ED105CF18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                    • Opcode ID: f397d1fdbb08d3cb22f24e9ce4b848354adc2b7f56e0debdcf051eeacf6740ea
                                                                                                                                                                                                    • Instruction ID: c2a82e20f854878cf486a52e4dcc1217dfab6f499c853b72d17b211c6578cc3d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f397d1fdbb08d3cb22f24e9ce4b848354adc2b7f56e0debdcf051eeacf6740ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCB01210F1E443C1D715BB21EC95461E2A0FF6C300FD00832C00D802A0EF6D919B8F24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: ecc7a25734b82c8a69be3194843af15d0c5e0e132872565f55c5672a604358f9
                                                                                                                                                                                                    • Instruction ID: 54a48a0230ab1e28c4c6bd628cd587ef2c9ad6ca641f03e99716925b504fbeea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecc7a25734b82c8a69be3194843af15d0c5e0e132872565f55c5672a604358f9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28419622E1688381EA64BBB1CC512BCE724EFC4F48F458433E95D4B1E7CE1AD845976C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF77FF7280105C4(void* __eax, signed int __ecx, void* __esi, long long __rdx, void* __r8, signed int _a8, long long _a16, char _a24, char _a32, char _a33) {
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				unsigned int _v96;
                                                                                                                                                                                                    				signed int _v100;
                                                                                                                                                                                                    				intOrPtr _v104;
                                                                                                                                                                                                    				unsigned int _v112;
                                                                                                                                                                                                    				long long _v120;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t237;
                                                                                                                                                                                                    				signed char _t240;
                                                                                                                                                                                                    				signed short _t251;
                                                                                                                                                                                                    				void* _t259;
                                                                                                                                                                                                    				int _t266;
                                                                                                                                                                                                    				void* _t268;
                                                                                                                                                                                                    				signed int _t269;
                                                                                                                                                                                                    				void* _t279;
                                                                                                                                                                                                    				signed int _t286;
                                                                                                                                                                                                    				unsigned int _t287;
                                                                                                                                                                                                    				void* _t289;
                                                                                                                                                                                                    				void* _t290;
                                                                                                                                                                                                    				void* _t291;
                                                                                                                                                                                                    				signed int _t292;
                                                                                                                                                                                                    				void* _t293;
                                                                                                                                                                                                    				signed short _t300;
                                                                                                                                                                                                    				char _t301;
                                                                                                                                                                                                    				char _t302;
                                                                                                                                                                                                    				signed int _t312;
                                                                                                                                                                                                    				signed int _t313;
                                                                                                                                                                                                    				void* _t341;
                                                                                                                                                                                                    				void* _t346;
                                                                                                                                                                                                    				signed short* _t417;
                                                                                                                                                                                                    				intOrPtr _t419;
                                                                                                                                                                                                    				intOrPtr _t424;
                                                                                                                                                                                                    				intOrPtr _t425;
                                                                                                                                                                                                    				long long _t427;
                                                                                                                                                                                                    				char* _t430;
                                                                                                                                                                                                    				intOrPtr* _t432;
                                                                                                                                                                                                    				intOrPtr _t434;
                                                                                                                                                                                                    				intOrPtr* _t440;
                                                                                                                                                                                                    				intOrPtr* _t443;
                                                                                                                                                                                                    				void* _t444;
                                                                                                                                                                                                    				signed short* _t445;
                                                                                                                                                                                                    				signed short* _t446;
                                                                                                                                                                                                    				signed short* _t447;
                                                                                                                                                                                                    				signed char* _t449;
                                                                                                                                                                                                    				signed char* _t450;
                                                                                                                                                                                                    				signed char* _t451;
                                                                                                                                                                                                    				signed char* _t453;
                                                                                                                                                                                                    				signed short* _t457;
                                                                                                                                                                                                    				signed short* _t458;
                                                                                                                                                                                                    				intOrPtr _t461;
                                                                                                                                                                                                    				intOrPtr _t466;
                                                                                                                                                                                                    				char* _t476;
                                                                                                                                                                                                    				long long _t485;
                                                                                                                                                                                                    				signed long long _t487;
                                                                                                                                                                                                    				void* _t488;
                                                                                                                                                                                                    				void* _t492;
                                                                                                                                                                                                    				signed short* _t507;
                                                                                                                                                                                                    				signed short* _t508;
                                                                                                                                                                                                    				intOrPtr* _t511;
                                                                                                                                                                                                    				signed short* _t512;
                                                                                                                                                                                                    				signed short* _t513;
                                                                                                                                                                                                    				signed short* _t516;
                                                                                                                                                                                                    				signed short* _t518;
                                                                                                                                                                                                    				signed long long _t520;
                                                                                                                                                                                                    				void* _t521;
                                                                                                                                                                                                    				void* _t523;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t492 = __r8;
                                                                                                                                                                                                    				_t474 = __rdx;
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = 0xfffffffe;
                                                                                                                                                                                                    				_t417 = __ecx;
                                                                                                                                                                                                    				_t286 = r8d;
                                                                                                                                                                                                    				_v100 = r12d;
                                                                                                                                                                                                    				_v96 = _t286;
                                                                                                                                                                                                    				if (__eax != r12d) goto 0x28010610;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 0;
                                                                                                                                                                                                    				_t237 = E00007FF77FF7280078AC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 9;
                                                                                                                                                                                                    				goto 0x28010d2f;
                                                                                                                                                                                                    				if (_t237 < 0) goto 0x28010d09;
                                                                                                                                                                                                    				_t341 = _t237 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t341 >= 0) goto 0x28010d09;
                                                                                                                                                                                                    				_t520 = __ecx >> 5;
                                                                                                                                                                                                    				_t461 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				_t487 = __ecx * 0x58;
                                                                                                                                                                                                    				if (( *(_t461 + _t487 + 8) & 0x00000001) == 0) goto 0x28010d09;
                                                                                                                                                                                                    				if (_t286 - 0x7fffffff <= 0) goto 0x28010671;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 0;
                                                                                                                                                                                                    				_t240 = E00007FF77FF7280078AC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 0x16;
                                                                                                                                                                                                    				goto 0x28010d1b;
                                                                                                                                                                                                    				if (_t286 == 0) goto 0x28010d05;
                                                                                                                                                                                                    				if ((_t240 & 0x00000002) != 0) goto 0x28010d05;
                                                                                                                                                                                                    				_t346 = __rdx - _t485;
                                                                                                                                                                                                    				if (_t346 == 0) goto 0x2801065a;
                                                                                                                                                                                                    				r15b =  *(_t461 + _t487 + 0x38);
                                                                                                                                                                                                    				r8d = 4;
                                                                                                                                                                                                    				r15b = r15b + r15b;
                                                                                                                                                                                                    				r15b = r15b >> 1;
                                                                                                                                                                                                    				if (_t346 == 0) goto 0x280106b7;
                                                                                                                                                                                                    				if (_t346 != 0) goto 0x280106b2;
                                                                                                                                                                                                    				if (( !_t286 & 0x00000001) == 0) goto 0x2801065a;
                                                                                                                                                                                                    				_t287 = _t286 & 0xfffffffe;
                                                                                                                                                                                                    				goto 0x2801071b;
                                                                                                                                                                                                    				if (( !_t287 & 0x00000001) == 0) goto 0x2801065a;
                                                                                                                                                                                                    				_t289 =  <  ? r8d : _t287 >> 1;
                                                                                                                                                                                                    				E00007FF77FF72800A574(0, __ecx, _t444, _t461, _t487, _t488);
                                                                                                                                                                                                    				_t518 = _t417;
                                                                                                                                                                                                    				if (_t417 != _t485) goto 0x280106f2;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t417);
                                                                                                                                                                                                    				 *_t417 = 0xc;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t417);
                                                                                                                                                                                                    				 *_t417 = 8;
                                                                                                                                                                                                    				goto 0x28010d2f;
                                                                                                                                                                                                    				_t22 = _t474 + 1; // 0x1
                                                                                                                                                                                                    				r8d = _t22;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t289, _a8, _t417, _t444, __rdx);
                                                                                                                                                                                                    				 *( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x40) = _t417;
                                                                                                                                                                                                    				_t419 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				r8d = 0xa;
                                                                                                                                                                                                    				if (( *(_t419 + _t487 + 8) & 0x00000048) == 0) goto 0x280107d3;
                                                                                                                                                                                                    				_t300 =  *((intOrPtr*)(_t419 + _t487 + 9));
                                                                                                                                                                                                    				if (_t300 == r8b) goto 0x280107d3;
                                                                                                                                                                                                    				if (_t289 == 0) goto 0x280107d3;
                                                                                                                                                                                                    				 *_t518 = _t300;
                                                                                                                                                                                                    				r10d = r10d | 0xffffffff;
                                                                                                                                                                                                    				_t290 = _t289 + r10d;
                                                                                                                                                                                                    				_t41 =  &(_t518[0]); // 0x1
                                                                                                                                                                                                    				_t476 = _t41;
                                                                                                                                                                                                    				 *((intOrPtr*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 9)) = r8b;
                                                                                                                                                                                                    				if (r15b == dil) goto 0x280107d3;
                                                                                                                                                                                                    				_t301 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x39));
                                                                                                                                                                                                    				if (_t301 == r8b) goto 0x280107d3;
                                                                                                                                                                                                    				if (_t290 == 0) goto 0x280107d3;
                                                                                                                                                                                                    				 *_t476 = _t301;
                                                                                                                                                                                                    				_t291 = _t290 + r10d;
                                                                                                                                                                                                    				 *((intOrPtr*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x39)) = r8b;
                                                                                                                                                                                                    				if (r15b != 1) goto 0x280107d3;
                                                                                                                                                                                                    				_t302 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x3a));
                                                                                                                                                                                                    				if (_t302 == r8b) goto 0x280107d3;
                                                                                                                                                                                                    				if (_t291 == 0) goto 0x280107d3;
                                                                                                                                                                                                    				 *((char*)(_t476 + 1)) = _t302;
                                                                                                                                                                                                    				_t424 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				_t64 = _t492 - 7; // -6
                                                                                                                                                                                                    				_t292 = _t291 + r10d;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t424 + _t487 + 0x3a)) = r8b;
                                                                                                                                                                                                    				r8d = _t292;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				if (ReadFile(??, ??, ??, ??, ??) == 0) goto 0x28010cc9;
                                                                                                                                                                                                    				if (0 < 0) goto 0x28010cc9;
                                                                                                                                                                                                    				if (_v104 - _t424 > 0) goto 0x28010cc9;
                                                                                                                                                                                                    				_t425 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				if (( *(_t425 + _t487 + 8) & 0x00000080) == 0) goto 0x28010ca7;
                                                                                                                                                                                                    				if (r15b == 2) goto 0x28010af0;
                                                                                                                                                                                                    				if (0 == 0) goto 0x2801084a;
                                                                                                                                                                                                    				if ( *_t518 != 0xa) goto 0x2801084a;
                                                                                                                                                                                                    				 *(_t425 + _t487 + 8) =  *(_t425 + _t487 + 8) | 0x00000004;
                                                                                                                                                                                                    				goto 0x2801084f;
                                                                                                                                                                                                    				 *(_t425 + _t487 + 8) =  *(_t425 + _t487 + 8) & 0x000000fb;
                                                                                                                                                                                                    				_t445 = _t518;
                                                                                                                                                                                                    				_t507 = _t518;
                                                                                                                                                                                                    				_t427 = _t64 + _t518;
                                                                                                                                                                                                    				_v88 = _t427;
                                                                                                                                                                                                    				if (_t518 - _t427 >= 0) goto 0x280109a3;
                                                                                                                                                                                                    				_t251 =  *_t507;
                                                                                                                                                                                                    				if (_t251 == 0x1a) goto 0x28010984;
                                                                                                                                                                                                    				if (_t251 == bpl) goto 0x2801088c;
                                                                                                                                                                                                    				 *_t445 = _t251;
                                                                                                                                                                                                    				_t446 =  &(_t445[0]);
                                                                                                                                                                                                    				_t508 =  &(_t507[0]);
                                                                                                                                                                                                    				goto 0x28010977;
                                                                                                                                                                                                    				if (_t508 - _v88 - 1 >= 0) goto 0x280108b4;
                                                                                                                                                                                                    				_t92 =  &(_t508[0]); // 0x1
                                                                                                                                                                                                    				_t430 = _t92;
                                                                                                                                                                                                    				if ( *_t430 != 0xa) goto 0x280108ac;
                                                                                                                                                                                                    				goto 0x2801093c;
                                                                                                                                                                                                    				goto 0x28010971;
                                                                                                                                                                                                    				_t97 =  &_a24; // 0x1000000ae
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				_t511 = _t430 + 1;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				if (ReadFile(??, ??, ??, ??, ??) != 0) goto 0x280108ef;
                                                                                                                                                                                                    				if (GetLastError() != 0) goto 0x2801096a;
                                                                                                                                                                                                    				if (_v104 == 0) goto 0x2801096a;
                                                                                                                                                                                                    				if (( *( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 8) & 0x00000048) == 0) goto 0x2801092d;
                                                                                                                                                                                                    				if (_a24 == 0xa) goto 0x2801093c;
                                                                                                                                                                                                    				 *_t446 = bpl;
                                                                                                                                                                                                    				_t466 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				 *((char*)(_t466 + _t487 + 9)) = _a24;
                                                                                                                                                                                                    				goto 0x28010974;
                                                                                                                                                                                                    				if (_t446 != _t518) goto 0x28010941;
                                                                                                                                                                                                    				if (_a24 != 0xa) goto 0x28010941;
                                                                                                                                                                                                    				 *_t446 = 0xa;
                                                                                                                                                                                                    				goto 0x28010974;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t292, _a8,  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)), _t446, _t97 | 0xffffffff);
                                                                                                                                                                                                    				if (_a24 == 0xa) goto 0x28010977;
                                                                                                                                                                                                    				goto 0x28010971;
                                                                                                                                                                                                    				 *_t446 = bpl;
                                                                                                                                                                                                    				_t447 =  &(_t446[0]);
                                                                                                                                                                                                    				if (_t511 - _v88 < 0) goto 0x2801086e;
                                                                                                                                                                                                    				goto 0x280109a3;
                                                                                                                                                                                                    				_t432 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				if (( *(_t432 + _t487 + 8) & 0x00000040) != 0) goto 0x2801099a;
                                                                                                                                                                                                    				 *(_t432 + _t487 + 8) =  *(_t432 + _t487 + 8) | 0x00000002;
                                                                                                                                                                                                    				goto 0x280109a3;
                                                                                                                                                                                                    				 *_t447 =  *_t511;
                                                                                                                                                                                                    				if (r15b != 1) goto 0x28010ca2;
                                                                                                                                                                                                    				if (_t292 - r13d == 0) goto 0x28010ca2;
                                                                                                                                                                                                    				r15d = 1;
                                                                                                                                                                                                    				_t449 =  &(_t447[0]) - _t521;
                                                                                                                                                                                                    				if (( *_t449 & 0x00000080) != 0) goto 0x280109d0;
                                                                                                                                                                                                    				_t450 =  &(_t449[_t521]);
                                                                                                                                                                                                    				goto 0x28010a82;
                                                                                                                                                                                                    				_t312 = r15d;
                                                                                                                                                                                                    				goto 0x280109e5;
                                                                                                                                                                                                    				if (_t312 - 4 > 0) goto 0x280109f2;
                                                                                                                                                                                                    				if (_t450 - _t518 < 0) goto 0x280109f2;
                                                                                                                                                                                                    				_t451 = _t450 - _t521;
                                                                                                                                                                                                    				_t313 = _t312 + r15d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t432 + 0x7ff728041380)) == dil) goto 0x280109d5;
                                                                                                                                                                                                    				if ( *((char*)(_t466 + 0x7ff728041380)) != 0) goto 0x28010a16;
                                                                                                                                                                                                    				_t259 = E00007FF77FF7280078AC(_t432);
                                                                                                                                                                                                    				 *_t432 = 0x2a;
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				goto 0x28010ca7;
                                                                                                                                                                                                    				if (_t259 + 1 != _t313) goto 0x28010a24;
                                                                                                                                                                                                    				goto 0x28010a82;
                                                                                                                                                                                                    				_t434 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				if (( *(_t434 + _t487 + 8) & 0x00000048) == 0) goto 0x28010a6e;
                                                                                                                                                                                                    				_t453 =  &(( &(_t451[_t313]))[_t521]);
                                                                                                                                                                                                    				 *((char*)(_t434 + _t487 + 9)) =  *_t451 & 0x000000ff;
                                                                                                                                                                                                    				if (_t313 - 2 < 0) goto 0x28010a50;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x39)) =  *_t453;
                                                                                                                                                                                                    				if (_t313 != 3) goto 0x28010a66;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x3a)) = _t453[_t521];
                                                                                                                                                                                                    				goto 0x28010a82;
                                                                                                                                                                                                    				r8d = r15d;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t292, _a8, _t313,  &(( &(_t453[_t521]))[_t521]) - _t313,  ~_t313);
                                                                                                                                                                                                    				_t293 = _t292 - r13d;
                                                                                                                                                                                                    				r9d = _t293;
                                                                                                                                                                                                    				_v112 = _v96 >> 1;
                                                                                                                                                                                                    				_v120 = _a16;
                                                                                                                                                                                                    				_t266 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t266 != 0) goto 0x28010acb;
                                                                                                                                                                                                    				_t268 = E00007FF77FF7280078EC(GetLastError(), _t313);
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				goto 0x28010caf;
                                                                                                                                                                                                    				r12d = _v100;
                                                                                                                                                                                                    				dil = _t268 != _t293;
                                                                                                                                                                                                    				 *((intOrPtr*)(0x7ff727ff0000 + _t487 + 0x48)) = 0;
                                                                                                                                                                                                    				goto 0x28010caf;
                                                                                                                                                                                                    				if (0 == 0) goto 0x28010b07;
                                                                                                                                                                                                    				if ( *_t518 != 0xa) goto 0x28010b07;
                                                                                                                                                                                                    				 *(0x7ff727ff0000 + _t487 + 8) =  *(0x7ff727ff0000 + _t487 + 8) | 0x00000004;
                                                                                                                                                                                                    				goto 0x28010b0c;
                                                                                                                                                                                                    				 *(0x7ff727ff0000 + _t487 + 8) =  *( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 8) & 0x000000fb;
                                                                                                                                                                                                    				_t457 = _t518;
                                                                                                                                                                                                    				_t512 = _t518;
                                                                                                                                                                                                    				_t523 = _t266 + _t266 + _t518;
                                                                                                                                                                                                    				if (_t518 - _t523 >= 0) goto 0x28010c9d;
                                                                                                                                                                                                    				_t269 =  *_t512 & 0x0000ffff;
                                                                                                                                                                                                    				if (_t269 == 0x1a) goto 0x28010c7b;
                                                                                                                                                                                                    				if (_t269 == 0xd) goto 0x28010b4b;
                                                                                                                                                                                                    				 *_t457 = _t269;
                                                                                                                                                                                                    				_t458 =  &(_t457[1]);
                                                                                                                                                                                                    				_t513 =  &(_t512[1]);
                                                                                                                                                                                                    				goto 0x28010c70;
                                                                                                                                                                                                    				if (_t513 - _t523 - 2 >= 0) goto 0x28010b6f;
                                                                                                                                                                                                    				_t180 =  &(_t513[1]); // 0x2
                                                                                                                                                                                                    				_t440 = _t180;
                                                                                                                                                                                                    				if ( *_t440 != 0xa) goto 0x28010b67;
                                                                                                                                                                                                    				goto 0x28010c29;
                                                                                                                                                                                                    				goto 0x28010c69;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				_t516 = _t440 + 2;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				if (ReadFile(??, ??, ??, ??, ??) != 0) goto 0x28010baf;
                                                                                                                                                                                                    				if (GetLastError() != 0) goto 0x28010c5d;
                                                                                                                                                                                                    				if (_v104 == 0) goto 0x28010c5d;
                                                                                                                                                                                                    				if (( *( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 8) & 0x00000048) == 0) goto 0x28010c15;
                                                                                                                                                                                                    				if (_a32 == 0xa) goto 0x28010c29;
                                                                                                                                                                                                    				 *_t458 = 0xd;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 9)) = _a32;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x39)) = _a33;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)) + _t487 + 0x3a)) = 0xa;
                                                                                                                                                                                                    				goto 0x28010c6c;
                                                                                                                                                                                                    				if (_t458 != _t518) goto 0x28010c2e;
                                                                                                                                                                                                    				if (_a32 != 0xa) goto 0x28010c2e;
                                                                                                                                                                                                    				 *_t458 = 0xa;
                                                                                                                                                                                                    				goto 0x28010c6c;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t293, _a8,  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8)), _t458, 0xfffffffe);
                                                                                                                                                                                                    				if (_a32 == 0xa) goto 0x28010c70;
                                                                                                                                                                                                    				goto 0x28010c69;
                                                                                                                                                                                                    				 *_t458 = 0xd;
                                                                                                                                                                                                    				if (_t516 - _t523 < 0) goto 0x28010b27;
                                                                                                                                                                                                    				goto 0x28010c9d;
                                                                                                                                                                                                    				_t443 =  *((intOrPtr*)(0x7ff727ff0000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				if (( *(_t443 + _t487 + 8) & 0x00000040) != 0) goto 0x28010c91;
                                                                                                                                                                                                    				 *(_t443 + _t487 + 8) =  *(_t443 + _t487 + 8) | 0x00000002;
                                                                                                                                                                                                    				goto 0x28010c9d;
                                                                                                                                                                                                    				_t458[1] =  *_t516 & 0x0000ffff;
                                                                                                                                                                                                    				r12d = _v100;
                                                                                                                                                                                                    				if (_t518 == _a16) goto 0x28010cbc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				r12d =  ==  ? _t293 - r13d : r12d;
                                                                                                                                                                                                    				goto 0x28010d32;
                                                                                                                                                                                                    				if (GetLastError() != 5) goto 0x28010cef;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t443);
                                                                                                                                                                                                    				 *_t443 = 9;
                                                                                                                                                                                                    				_t279 = E00007FF77FF7280078CC(_t443);
                                                                                                                                                                                                    				 *_t443 = 5;
                                                                                                                                                                                                    				goto 0x28010a0d;
                                                                                                                                                                                                    				if (_t279 != 0x6d) goto 0x28010cf9;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				goto 0x28010ca7;
                                                                                                                                                                                                    				E00007FF77FF7280078EC(_t279, _t443);
                                                                                                                                                                                                    				goto 0x28010a0d;
                                                                                                                                                                                                    				goto 0x28010d32;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t443);
                                                                                                                                                                                                    				 *_t443 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t443);
                                                                                                                                                                                                    				 *_t443 = 9;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t443,  &(_t458[2]), _t518, 0xfffffffe, _t487, _t488, 0x7ff727ff0000) | 0xffffffff;
                                                                                                                                                                                                    			}







































































                                                                                                                                                                                                    0x7ff728010a00
                                                                                                                                                                                                    0x7ff728010a02
                                                                                                                                                                                                    0x7ff728010a07
                                                                                                                                                                                                    0x7ff728010a0d
                                                                                                                                                                                                    0x7ff728010a11
                                                                                                                                                                                                    0x7ff728010a1a
                                                                                                                                                                                                    0x7ff728010a22
                                                                                                                                                                                                    0x7ff728010a24
                                                                                                                                                                                                    0x7ff728010a31
                                                                                                                                                                                                    0x7ff728010a33
                                                                                                                                                                                                    0x7ff728010a39
                                                                                                                                                                                                    0x7ff728010a3d
                                                                                                                                                                                                    0x7ff728010a4c
                                                                                                                                                                                                    0x7ff728010a53
                                                                                                                                                                                                    0x7ff728010a62
                                                                                                                                                                                                    0x7ff728010a6c
                                                                                                                                                                                                    0x7ff728010a77
                                                                                                                                                                                                    0x7ff728010a7d
                                                                                                                                                                                                    0x7ff728010a8e
                                                                                                                                                                                                    0x7ff728010a93
                                                                                                                                                                                                    0x7ff728010a99
                                                                                                                                                                                                    0x7ff728010aa4
                                                                                                                                                                                                    0x7ff728010aa9
                                                                                                                                                                                                    0x7ff728010ab3
                                                                                                                                                                                                    0x7ff728010abd
                                                                                                                                                                                                    0x7ff728010ac2
                                                                                                                                                                                                    0x7ff728010ac6
                                                                                                                                                                                                    0x7ff728010acb
                                                                                                                                                                                                    0x7ff728010ae1
                                                                                                                                                                                                    0x7ff728010ae7
                                                                                                                                                                                                    0x7ff728010aeb
                                                                                                                                                                                                    0x7ff728010af7
                                                                                                                                                                                                    0x7ff728010afe
                                                                                                                                                                                                    0x7ff728010b00
                                                                                                                                                                                                    0x7ff728010b05
                                                                                                                                                                                                    0x7ff728010b07
                                                                                                                                                                                                    0x7ff728010b0f
                                                                                                                                                                                                    0x7ff728010b12
                                                                                                                                                                                                    0x7ff728010b15
                                                                                                                                                                                                    0x7ff728010b1c
                                                                                                                                                                                                    0x7ff728010b27
                                                                                                                                                                                                    0x7ff728010b30
                                                                                                                                                                                                    0x7ff728010b39
                                                                                                                                                                                                    0x7ff728010b3b
                                                                                                                                                                                                    0x7ff728010b3e
                                                                                                                                                                                                    0x7ff728010b42
                                                                                                                                                                                                    0x7ff728010b46
                                                                                                                                                                                                    0x7ff728010b52
                                                                                                                                                                                                    0x7ff728010b54
                                                                                                                                                                                                    0x7ff728010b54
                                                                                                                                                                                                    0x7ff728010b5c
                                                                                                                                                                                                    0x7ff728010b62
                                                                                                                                                                                                    0x7ff728010b6a
                                                                                                                                                                                                    0x7ff728010b88
                                                                                                                                                                                                    0x7ff728010b8e
                                                                                                                                                                                                    0x7ff728010b92
                                                                                                                                                                                                    0x7ff728010b9f
                                                                                                                                                                                                    0x7ff728010ba9
                                                                                                                                                                                                    0x7ff728010bb3
                                                                                                                                                                                                    0x7ff728010bcd
                                                                                                                                                                                                    0x7ff728010bdc
                                                                                                                                                                                                    0x7ff728010bde
                                                                                                                                                                                                    0x7ff728010bf0
                                                                                                                                                                                                    0x7ff728010c03
                                                                                                                                                                                                    0x7ff728010c0f
                                                                                                                                                                                                    0x7ff728010c13
                                                                                                                                                                                                    0x7ff728010c18
                                                                                                                                                                                                    0x7ff728010c27
                                                                                                                                                                                                    0x7ff728010c29
                                                                                                                                                                                                    0x7ff728010c2c
                                                                                                                                                                                                    0x7ff728010c3c
                                                                                                                                                                                                    0x7ff728010c40
                                                                                                                                                                                                    0x7ff728010c59
                                                                                                                                                                                                    0x7ff728010c5b
                                                                                                                                                                                                    0x7ff728010c69
                                                                                                                                                                                                    0x7ff728010c73
                                                                                                                                                                                                    0x7ff728010c79
                                                                                                                                                                                                    0x7ff728010c7b
                                                                                                                                                                                                    0x7ff728010c88
                                                                                                                                                                                                    0x7ff728010c8a
                                                                                                                                                                                                    0x7ff728010c8f
                                                                                                                                                                                                    0x7ff728010c96
                                                                                                                                                                                                    0x7ff728010ca2
                                                                                                                                                                                                    0x7ff728010cb2
                                                                                                                                                                                                    0x7ff728010cb7
                                                                                                                                                                                                    0x7ff728010cc0
                                                                                                                                                                                                    0x7ff728010cc7
                                                                                                                                                                                                    0x7ff728010cd2
                                                                                                                                                                                                    0x7ff728010cd4
                                                                                                                                                                                                    0x7ff728010cd9
                                                                                                                                                                                                    0x7ff728010cdf
                                                                                                                                                                                                    0x7ff728010ce4
                                                                                                                                                                                                    0x7ff728010cea
                                                                                                                                                                                                    0x7ff728010cf2
                                                                                                                                                                                                    0x7ff728010cf4
                                                                                                                                                                                                    0x7ff728010cf7
                                                                                                                                                                                                    0x7ff728010cfb
                                                                                                                                                                                                    0x7ff728010d00
                                                                                                                                                                                                    0x7ff728010d07
                                                                                                                                                                                                    0x7ff728010d09
                                                                                                                                                                                                    0x7ff728010d0e
                                                                                                                                                                                                    0x7ff728010d10
                                                                                                                                                                                                    0x7ff728010d15
                                                                                                                                                                                                    0x7ff728010d1b
                                                                                                                                                                                                    0x7ff728010d1e
                                                                                                                                                                                                    0x7ff728010d25
                                                                                                                                                                                                    0x7ff728010d42

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: edecc77121cc5808f797c38e0de8add454756a7ebf3f8fd74126f6dce199133d
                                                                                                                                                                                                    • Instruction ID: 89451bb877f014b6db497be59b1b9774335b086d4b49ebaf3464620f56f39703
                                                                                                                                                                                                    • Opcode Fuzzy Hash: edecc77121cc5808f797c38e0de8add454756a7ebf3f8fd74126f6dce199133d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A722F712A0D68282E771AB14DC406BDFA51FB81764FD89133C9DE136D5EE2EE441CF2A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
E00007FF77FF728009D48(void* __ebx, void* __ecx, void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, signed int* __r9) {
	void* __rdi;
	void* __rsi;
	void* __rbp;
	void* _t152;
	intOrPtr _t155;
	void* _t160;
	void* _t161;
	signed int _t162;
	void* _t207;
	void* _t208;
	signed int* _t213;
	long long _t214;
	signed int _t220;
	intOrPtr _t222;
	signed int* _t223;
	void* _t271;
	intOrPtr* _t272;
	intOrPtr* _t273;
	void* _t275;
	signed int* _t276;
	void* _t280;
	long long _t281;
	intOrPtr* _t283;
	signed int* _t285;
	void* _t288;
	void* _t289;
	void* _t307;
	long long _t308;
	void* _t310;
	void* _t315;
	signed int* _t316;
	void* _t318;
	signed int* _t320;

	_t207 = __rax;
	_t159 = __edi;
	_t152 = __ecx;
	 *((long long*)(_t288 + 0x20)) = __rbx;
	 *((long long*)(_t288 + 0x18)) = __r8;
	 *((long long*)(_t288 + 0x10)) = __rdx;
	_t289 = _t288 - 0xa0;
	_t222 =  *((intOrPtr*)(_t289 + 0x100));
	r15d = 0;
	_t308 = __rdx;
	_t272 = __rcx;
	_t316 = __r9;
	_t281 = __r8;
	 *((intOrPtr*)(_t289 + 0x60)) = r15b;
	r14b = r15b;
	 *((intOrPtr*)(_t289 + 0xe0)) = r15b;
	_t160 = E00007FF77FF728012548(_t222, __r9);
	E00007FF77FF7280071FC(__edi, _t207, _t222, __rdx, _t316, _t275, _t281, _t222, _t289 + 0x78, _t320, _t318);
	if (_t160 - E00007FF77FF7280125C0(_t207, __rdx, _t222) <= 0) goto 0x28009de8;
	r9d = _t160;
	E00007FF77FF728012578(_t106, _t289 + 0x78, _t222);
	r9d = _t160;
	E00007FF77FF728012584(_t207, _t222, _t308, _t222, _t315);
	goto 0x28009df2;
	_t161 = E00007FF77FF7280125C0(_t207, _t308, _t222);
	if (_t161 - 0xffffffff < 0) goto 0x28009dfc;
	if (_t161 -  *((intOrPtr*)(_t222 + 4)) < 0) goto 0x28009e01;
	E00007FF77FF728010148(_t207);
	if ( *_t272 != 0xe06d7363) goto 0x2800a258;
	if ( *((intOrPtr*)(_t272 + 0x18)) != 4) goto 0x28009fc7;
	if ( *((intOrPtr*)(_t272 + 0x20)) == 0x19930520) goto 0x28009e36;
	if ( *((intOrPtr*)(_t272 + 0x20)) == 0x19930521) goto 0x28009e36;
	if ( *((intOrPtr*)(_t272 + 0x20)) != 0x19930522) goto 0x28009fc7;
	if ( *((intOrPtr*)(_t272 + 0x30)) != _t320) goto 0x28009fc7;
	E00007FF77FF72800B93C(_t152,  *((intOrPtr*)(_t272 + 0x30)) - _t320, _t207);
	if ( *((intOrPtr*)(_t207 + 0xf0)) == _t320) goto 0x2800a23d;
	E00007FF77FF72800B93C(_t152,  *((intOrPtr*)(_t207 + 0xf0)) - _t320, _t207);
	_t273 =  *((intOrPtr*)(_t207 + 0xf0));
	E00007FF77FF72800B93C(_t152,  *((intOrPtr*)(_t207 + 0xf0)) - _t320, _t207);
	 *((char*)(_t289 + 0x60)) = 1;
	 *((long long*)(_t289 + 0xf0)) =  *((intOrPtr*)(_t207 + 0xf8));
	if (E00007FF77FF728014658(E00007FF77FF728007334(_t207,  *((intOrPtr*)(_t273 + 0x38))), _t273) != r15d) goto 0x28009e97;
	E00007FF77FF728010148(_t207);
	if ( *_t273 != 0xe06d7363) goto 0x28009ecb;
	if ( *((intOrPtr*)(_t273 + 0x18)) != 4) goto 0x28009ecb;
	if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930520) goto 0x28009ec0;
	if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930521) goto 0x28009ec0;
	if ( *((intOrPtr*)(_t273 + 0x20)) != 0x19930522) goto 0x28009ecb;
	if ( *((intOrPtr*)(_t273 + 0x30)) != _t320) goto 0x28009ecb;
	E00007FF77FF728010148(_t207);
	E00007FF77FF72800B93C(_t152,  *((intOrPtr*)(_t273 + 0x30)) - _t320, _t207);
	if ( *(_t207 + 0x108) == _t320) goto 0x28009fc7;
	E00007FF77FF72800B93C(_t152,  *(_t207 + 0x108) - _t320, _t207);
	_t283 =  *(_t207 + 0x108);
	E00007FF77FF72800B93C(_t152,  *(_t207 + 0x108) - _t320, _t207);
	 *(_t207 + 0x108) = _t320;
	if (E00007FF77FF728009468(_t207, _t222, _t273, _t283, _t275, _t283) != r15b) goto 0x28009fbf;
	r12d = r15d;
	if ( *_t283 - r15d <= 0) goto 0x28009f67;
	_t276 = _t320;
	E00007FF77FF7280072E8(_t207);
	_t208 = _t207 + _t276;
	if ( *((intOrPtr*)( *((intOrPtr*)(_t283 + 4)) + _t208 + 4)) == r15d) goto 0x28009f43;
	E00007FF77FF7280072E8(_t208);
	_t223 =  *((intOrPtr*)( *((intOrPtr*)(_t283 + 4)) + _t208 + _t276 + 4));
	E00007FF77FF7280072E8(_t208 + _t276);
	goto 0x28009f46;
	if (E00007FF77FF7280045C0(_t320, 0x28040408) != r15b) goto 0x28009f6d;
	r12d = r12d + 1;
	if (r12d -  *_t283 < 0) goto 0x28009f15;
	E00007FF77FF728010124(r12d -  *_t283, _t320);
	asm("int3");
	E00007FF77FF7280093E4(1, _t273);
	 *((long long*)(_t289 + 0xe0)) = "bad exception";
	E00007FF77FF7280040EC(_t223, _t289 + 0x88, _t289 + 0xe0,  &(_t276[5]), _t307);
	 *((long long*)(_t289 + 0x88)) = 0x28030da8;
	E00007FF77FF728007168(_t320, _t223, _t289 + 0x88, 0x2803e0e0, _t271);
	asm("int3");
	if ( *_t273 != 0xe06d7363) goto 0x2800a258;
	if ( *((intOrPtr*)(_t273 + 0x18)) != 4) goto 0x2800a258;
	if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930520) goto 0x28009ffc;
	if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930521) goto 0x28009ffc;
	if ( *((intOrPtr*)(_t273 + 0x20)) != 0x19930522) goto 0x2800a258;
	if (_t223[3] - r15d <= 0) goto 0x2800a18a;
	r8d =  *((intOrPtr*)(_t289 + 0x110));
	 *(_t289 + 0x30) = _t316;
	 *(_t289 + 0x28) = _t289 + 0x68;
	_t213 = _t289 + 0x64;
	r9d = _t161;
	 *(_t289 + 0x20) = _t213;
	E00007FF77FF72800757C(__ebx, _t223, _t223,  &(_t276[5]));
	_t285 = _t213;
	if ( *((intOrPtr*)(_t289 + 0x64)) -  *((intOrPtr*)(_t289 + 0x68)) >= 0) goto 0x2800a18a;
	if ( *_t285 - _t161 > 0) goto 0x2800a16f;
	if (_t161 - _t285[1] > 0) goto 0x2800a16f;
	E00007FF77FF7280072E8(_t213);
	r14d = _t285[3];
	_t310 = _t213 + _t285[4];
	if (r14d - r15d <= 0) goto 0x2800a157;
	E00007FF77FF728007300(_t213);
	_t214 = _t213 +  *((intOrPtr*)( *((intOrPtr*)(_t273 + 0x30)) + 0xc)) + 4;
	 *((long long*)(_t289 + 0x70)) = _t214;
	E00007FF77FF728007300(_t214);
	r15d =  *((intOrPtr*)(_t214 +  *((intOrPtr*)( *((intOrPtr*)(_t273 + 0x30)) + 0xc))));
	goto 0x2800a0d1;
	E00007FF77FF728007300(_t214);
	 *((long long*)(_t289 + 0x80)) = _t214 +  *((intOrPtr*)( *((intOrPtr*)(_t289 + 0x70))));
	if (E00007FF77FF7280090E0(_t223, _t310, _t214 +  *((intOrPtr*)( *((intOrPtr*)(_t289 + 0x70)))), _t273,  &(_t276[5]),  *((intOrPtr*)(_t273 + 0x30))) != 0) goto 0x2800a0e2;
	r15d = r15d - 1;
	 *((long long*)(_t289 + 0x70)) =  *((long long*)(_t289 + 0x70)) + 4;
	if (r15d > 0) goto 0x2800a09d;
	r14d = r14d - 1;
	r15d = 0;
	goto 0x2800a06a;
	r14b = 1;
	 *((char*)(_t289 + 0x58)) =  *((intOrPtr*)(_t289 + 0x108));
	 *((char*)(_t289 + 0x50)) =  *((intOrPtr*)(_t289 + 0x60));
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x48)) =  *((intOrPtr*)(_t289 + 0x118));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0xe0)) = r14b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0x40)) =  *((intOrPtr*)(_t289 + 0x110));
                                                                                                                                                                                                    				 *(_t289 + 0x38) = _t285;
                                                                                                                                                                                                    				 *(_t289 + 0x30) =  *((intOrPtr*)(_t289 + 0x80));
                                                                                                                                                                                                    				 *(_t289 + 0x28) = _t310 + 0x14;
                                                                                                                                                                                                    				 *(_t289 + 0x20) = _t223;
                                                                                                                                                                                                    				E00007FF77FF728009A40( *((intOrPtr*)(_t289 + 0x64)), _t159, _t223, _t273,  *((intOrPtr*)(_t289 + 0xe8)), _t285,  *((intOrPtr*)(_t289 + 0xf0)), _t316);
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				goto 0x2800a167;
                                                                                                                                                                                                    				r14b =  *((intOrPtr*)(_t289 + 0xe0));
                                                                                                                                                                                                    				_t155 =  *((intOrPtr*)(_t289 + 0x64)) + 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0x64)) = _t155;
                                                                                                                                                                                                    				if (_t155 -  *((intOrPtr*)(_t289 + 0x68)) < 0) goto 0x2800a048;
                                                                                                                                                                                                    				if (r14b != r15b) goto 0x2800a22a;
                                                                                                                                                                                                    				if (( *_t223 & 0x1fffffff) - 0x19930521 < 0) goto 0x2800a22a;
                                                                                                                                                                                                    				_t162 = _t223[8];
                                                                                                                                                                                                    				if (_t162 == r15d) goto 0x2800a1b1;
                                                                                                                                                                                                    				E00007FF77FF7280072E8( *((intOrPtr*)(_t289 + 0x80)));
                                                                                                                                                                                                    				goto 0x2800a1b4;
                                                                                                                                                                                                    				if (_t320 == _t320) goto 0x2800a22a;
                                                                                                                                                                                                    				if (_t162 == r15d) goto 0x2800a1cf;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t320);
                                                                                                                                                                                                    				_t220 = _t223[8];
                                                                                                                                                                                                    				goto 0x2800a1d2;
                                                                                                                                                                                                    				if (E00007FF77FF728009468(_t220, _t223, _t273, _t320, _t162,  &(_t285[5])) != r15b) goto 0x2800a22a;
                                                                                                                                                                                                    				E00007FF77FF7280071FC(_t159, _t220, _t223,  *((intOrPtr*)(_t289 + 0xe8)), _t316, _t162,  &(_t285[5]), _t223, _t289 + 0xe0, _t275, _t280);
                                                                                                                                                                                                    				 *((char*)(_t289 + 0x40)) =  *((intOrPtr*)(_t289 + 0x108));
                                                                                                                                                                                                    				 *(_t289 + 0x38) = _t316;
                                                                                                                                                                                                    				 *(_t289 + 0x30) = _t223;
                                                                                                                                                                                                    				 *(_t289 + 0x28) =  *(_t289 + 0x28) | 0xffffffff;
                                                                                                                                                                                                    				 *(_t289 + 0x20) = _t320;
                                                                                                                                                                                                    				E00007FF77FF72800777C(_t223,  *((intOrPtr*)(_t289 + 0xe8)), _t273, _t162,  &(_t285[5]),  *((intOrPtr*)(_t289 + 0xf0)), _t220);
                                                                                                                                                                                                    				E00007FF77FF72800B93C( *((intOrPtr*)(_t289 + 0x108)), E00007FF77FF728009468(_t220, _t223, _t273, _t320, _t162,  &(_t285[5])) - r15b, _t220);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t220 + 0x108)) == _t320) goto 0x2800a23d;
                                                                                                                                                                                                    				return E00007FF77FF728010148(_t220);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff72800a0c8
                                                                                                                                                                                                    0x7ff72800a0cb
                                                                                                                                                                                                    0x7ff72800a0d4
                                                                                                                                                                                                    0x7ff72800a0d6
                                                                                                                                                                                                    0x7ff72800a0dd
                                                                                                                                                                                                    0x7ff72800a0e0
                                                                                                                                                                                                    0x7ff72800a0f1
                                                                                                                                                                                                    0x7ff72800a0f4
                                                                                                                                                                                                    0x7ff72800a0ff
                                                                                                                                                                                                    0x7ff72800a10e
                                                                                                                                                                                                    0x7ff72800a11a
                                                                                                                                                                                                    0x7ff72800a122
                                                                                                                                                                                                    0x7ff72800a12e
                                                                                                                                                                                                    0x7ff72800a133
                                                                                                                                                                                                    0x7ff72800a138
                                                                                                                                                                                                    0x7ff72800a148
                                                                                                                                                                                                    0x7ff72800a14d
                                                                                                                                                                                                    0x7ff72800a152
                                                                                                                                                                                                    0x7ff72800a155
                                                                                                                                                                                                    0x7ff72800a157
                                                                                                                                                                                                    0x7ff72800a16f
                                                                                                                                                                                                    0x7ff72800a175
                                                                                                                                                                                                    0x7ff72800a17b
                                                                                                                                                                                                    0x7ff72800a184
                                                                                                                                                                                                    0x7ff72800a196
                                                                                                                                                                                                    0x7ff72800a19c
                                                                                                                                                                                                    0x7ff72800a1a2
                                                                                                                                                                                                    0x7ff72800a1a7
                                                                                                                                                                                                    0x7ff72800a1af
                                                                                                                                                                                                    0x7ff72800a1b7
                                                                                                                                                                                                    0x7ff72800a1bc
                                                                                                                                                                                                    0x7ff72800a1be
                                                                                                                                                                                                    0x7ff72800a1c6
                                                                                                                                                                                                    0x7ff72800a1cd
                                                                                                                                                                                                    0x7ff72800a1dd
                                                                                                                                                                                                    0x7ff72800a1f0
                                                                                                                                                                                                    0x7ff72800a204
                                                                                                                                                                                                    0x7ff72800a208
                                                                                                                                                                                                    0x7ff72800a20d
                                                                                                                                                                                                    0x7ff72800a212
                                                                                                                                                                                                    0x7ff72800a220
                                                                                                                                                                                                    0x7ff72800a225
                                                                                                                                                                                                    0x7ff72800a22a
                                                                                                                                                                                                    0x7ff72800a236
                                                                                                                                                                                                    0x7ff72800a257

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$BlockUnwind$BaseEntryExceptionFunctionImageLookupRaiseThrow
                                                                                                                                                                                                    • String ID: bad exception$csm$csm$csm
                                                                                                                                                                                                    • API String ID: 2351602029-820278400
                                                                                                                                                                                                    • Opcode ID: 9879b71105d79e3faefd726c5ecf8e7106465e3219339e0629f894a23453c9a7
                                                                                                                                                                                                    • Instruction ID: 1d81b87806b7135649a6540ba4e2ac66493401d37189d8a499a88cea9ebb16cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9879b71105d79e3faefd726c5ecf8e7106465e3219339e0629f894a23453c9a7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4E1A532A0878285DA70BB25AC402B9E7A0FB55781F844536DE9D07BD5DF3EE451CF28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF77FF727FFB470(long long __rdx, void* __r8, long long _a16, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56) {
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                    				intOrPtr _v80;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                    				intOrPtr* _t36;
                                                                                                                                                                                                    				long long* _t37;
                                                                                                                                                                                                    				intOrPtr* _t38;
                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                    				long long* _t42;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_t36 = _a48;
                                                                                                                                                                                                    				_t37 =  &_v72;
                                                                                                                                                                                                    				_t42 =  &_v56;
                                                                                                                                                                                                    				 *_t37 =  *_t36;
                                                                                                                                                                                                    				 *((long long*)(_t37 + 8)) =  *((intOrPtr*)(_t36 + 8));
                                                                                                                                                                                                    				_t38 = _a40;
                                                                                                                                                                                                    				 *_t42 =  *_t38;
                                                                                                                                                                                                    				 *((long long*)(_t42 + 8)) =  *((intOrPtr*)(_t38 + 8));
                                                                                                                                                                                                    				E00007FF77FF727FFBC70( &_v88, __r8, _t44, _t46,  &_v56,  &_v72, __rdx, _t54, _t55);
                                                                                                                                                                                                    				if ( *((long long*)(__r8 + 0x38)) != 0) goto 0x27ffb5e3;
                                                                                                                                                                                                    				_t31 = _v88;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffc) goto 0x27ffb4f7;
                                                                                                                                                                                                    				if (_t31 == 0) goto 0x27ffb4f2;
                                                                                                                                                                                                    				if (_t31 ==  *_t36) goto 0x27ffb4f7;
                                                                                                                                                                                                    				_t21 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_v80 !=  *((intOrPtr*)(_t36 + 8))) goto 0x27ffb528;
                                                                                                                                                                                                    				_t40 = _a56;
                                                                                                                                                                                                    				 *((long long*)(__rdx)) =  *_t40;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(_t40 + 8));
                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: c1a07d890f2d1985cc669972f8e1ed61626581fff1d6e9b679634fa50c2043ac
                                                                                                                                                                                                    • Instruction ID: 902a0ea3e5f8edd3d145e6380d720dd3b8c4e0653db533b563a271605e473cb0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1a07d890f2d1985cc669972f8e1ed61626581fff1d6e9b679634fa50c2043ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2B1602361DE4680DA60AF29E940269E360FB45BA8F984232DA6D477D4DF3CE543CB25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF77FF728028E80(void* __ebx, void* __edx, signed int __ebp, long long __rbx, void* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                    				long long* _t143;
                                                                                                                                                                                                    				long long _t148;
                                                                                                                                                                                                    				intOrPtr* _t153;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t172;
                                                                                                                                                                                                    				long long _t175;
                                                                                                                                                                                                    				long long _t177;
                                                                                                                                                                                                    				intOrPtr _t178;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				void* _t181;
                                                                                                                                                                                                    				intOrPtr* _t182;
                                                                                                                                                                                                    				intOrPtr _t183;
                                                                                                                                                                                                    				long long _t185;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				intOrPtr _t190;
                                                                                                                                                                                                    				void* _t193;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				void* _t207;
                                                                                                                                                                                                    				long long _t208;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t106 = __edx;
                                                                                                                                                                                                    				_t140 = _t193;
                                                                                                                                                                                                    				_t194 = _t193 - 0xa0;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x30)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x18)) = _t185;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t207 = __rdx;
                                                                                                                                                                                                    				_t181 = __rcx;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0x28029173;
                                                                                                                                                                                                    				if (r8d == 0) goto 0x28029173;
                                                                                                                                                                                                    				_t153 = __rcx + 0x210;
                                                                                                                                                                                                    				_t186 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t186 <= 0) goto 0x28028ed5;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *_t153;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t186;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) =  *(_t194 + 0xc8) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FFD1A0(_t106, _t153, _t153, _t194 + 0x60, __rcx, __rdx, __rdx + _t172);
                                                                                                                                                                                                    				_t143 =  *((intOrPtr*)(_t153 + 0x20)) -  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t143 - 3 >= 0) goto 0x28028f30;
                                                                                                                                                                                                    				goto 0x28029175;
                                                                                                                                                                                                    				_t112 =  *(_t181 + 0x2a4) * __ebp;
                                                                                                                                                                                                    				 *(_t194 + 0xc8) = 0;
                                                                                                                                                                                                    				E00007FF77FF7280045E0(_t143, _t153);
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (_t143 == 0) goto 0x28028f5b;
                                                                                                                                                                                                    				 *_t143 = _t194 + 0x70;
                                                                                                                                                                                                    				goto 0x28028f5e;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x70)) = _t208;
                                                                                                                                                                                                    				r12d =  *(_t181 + 0x2a4) * __ebp;
                                                                                                                                                                                                    				E00007FF77FF727FF4CA0(_t208, _t153, _t194 + 0x70, _t194 + 0x60, _t181, _t194 + 0xc8);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x90)) !=  *((intOrPtr*)(_t194 + 0x88))) goto 0x28028f9d;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x20)) !=  *((intOrPtr*)(_t153 + 0x18))) goto 0x28028fac;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((intOrPtr*)(_t194 + 0x20)) = r13d;
                                                                                                                                                                                                    				r9d = __ebp;
                                                                                                                                                                                                    				E00007FF77FF7280277F0(_t181 + 0x20,  *((intOrPtr*)(_t153 + 0x18)), _t181,  *((intOrPtr*)(_t194 + 0x88)));
                                                                                                                                                                                                    				_t175 =  *((intOrPtr*)(_t181 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t181 + 0x258)) - _t175 <= 0) goto 0x28028fd9;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x60)) =  *((intOrPtr*)(_t181 + 0x240));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x68)) = _t175;
                                                                                                                                                                                                    				_t148 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) - _t148 <= 0) goto 0x28029017;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t177 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t148;
                                                                                                                                                                                                    				if (_t177 -  *((intOrPtr*)(_t194 + 0x90)) <= 0) goto 0x28029035;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x50)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x58)) = _t177;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) =  *(_t194 + 0xc8) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FF9750(_t112, _t153, _t181 + 0x240, _t194 + 0x60, _t181, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				_t178 =  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t178 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0x28029096;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t182 =  *_t153;
                                                                                                                                                                                                    				if (_t182 != 0) goto 0x280290a8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x280290ab;
                                                                                                                                                                                                    				_t179 = _t178 + _t207;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)( *_t182 + 0x20)) > 0) goto 0x280290c7;
                                                                                                                                                                                                    				if (_t182 == 0) goto 0x280290be;
                                                                                                                                                                                                    				goto 0x280290c1;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)(_t208 + 0x18)) >= 0) goto 0x280290cc;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t183 =  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t183 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0x280290db;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t153 == 0) goto 0x280290ec;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t183 > 0) goto 0x280290ec;
                                                                                                                                                                                                    				if (_t183 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0x280290f1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t190 =  *_t153;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t179 > 0) goto 0x28029100;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0x28029105;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t190 == 0) goto 0x2802910f;
                                                                                                                                                                                                    				if (_t190 ==  *_t153) goto 0x28029114;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t183 == _t179) goto 0x2802913b;
                                                                                                                                                                                                    				_t171 =  *((intOrPtr*)(_t153 + 0x20)) - _t179;
                                                                                                                                                                                                    				if (_t171 <= 0) goto 0x28029137;
                                                                                                                                                                                                    				E00007FF77FF728004070(_t183, _t171, _t179, _t171);
                                                                                                                                                                                                    				 *((long long*)(_t153 + 0x20)) = _t171 + _t183;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) == 0) goto 0x2802914d;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t208, _t153,  *((intOrPtr*)(_t194 + 0x88)), _t171, _t183, _t179, _t171);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t208;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t208;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t208;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t208, _t153,  *((intOrPtr*)(_t194 + 0x70)), _t171, _t183, _t179, _t171);
                                                                                                                                                                                                    				goto 0x28029175;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: 0262d0dafc344c9128b52d1992c683ba543df2f7131d274a0e5fc425fc83073a
                                                                                                                                                                                                    • Instruction ID: 6b3d928bf3c171c6a735ab72c31770037e4b88eec2408b56872c7b4621e822ee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0262d0dafc344c9128b52d1992c683ba543df2f7131d274a0e5fc425fc83073a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF917226908B8586E670BB25EC402ADE3A5FB84B94F944132DA9C177CDCF7DE441CB68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF77FF728029680(void* __ebx, void* __edx, void* __rcx, void* __rdx) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				long long _v96;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				char _v184;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                    				signed int _t106;
                                                                                                                                                                                                    				long long _t136;
                                                                                                                                                                                                    				intOrPtr* _t143;
                                                                                                                                                                                                    				void* _t158;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				intOrPtr _t160;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				long long _t162;
                                                                                                                                                                                                    				long long _t164;
                                                                                                                                                                                                    				long long _t165;
                                                                                                                                                                                                    				long long _t166;
                                                                                                                                                                                                    				intOrPtr* _t167;
                                                                                                                                                                                                    				intOrPtr _t168;
                                                                                                                                                                                                    				void* _t169;
                                                                                                                                                                                                    				intOrPtr _t171;
                                                                                                                                                                                                    				void* _t182;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t100 = __edx;
                                                                                                                                                                                                    				_v56 = 0xfffffffe;
                                                                                                                                                                                                    				_t106 = r8d;
                                                                                                                                                                                                    				_t182 = __rdx;
                                                                                                                                                                                                    				_t159 = __rcx;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0x28029950;
                                                                                                                                                                                                    				if (r8d == 0) goto 0x28029950;
                                                                                                                                                                                                    				_t143 = __rcx + 0x210;
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)(_t143 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t162 <= 0) goto 0x280296cb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v152 =  *_t143;
                                                                                                                                                                                                    				_v144 = _t162;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_v184 = _v168 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FFD1A0(_t100, _t143, _t143,  &_v136, _t162, __rdx, __rdx + _t169);
                                                                                                                                                                                                    				_t136 =  *((intOrPtr*)(_t143 + 0x20)) -  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t136 - 1 >= 0) goto 0x28029723;
                                                                                                                                                                                                    				goto 0x28029952;
                                                                                                                                                                                                    				_v168 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280045E0(_t136, _t143);
                                                                                                                                                                                                    				if (_t136 == 0) goto 0x28029744;
                                                                                                                                                                                                    				 *_t136 =  &_v120;
                                                                                                                                                                                                    				goto 0x28029746;
                                                                                                                                                                                                    				_v120 = _t136;
                                                                                                                                                                                                    				r12d =  *(_t159 + 0x2a4) * _t106;
                                                                                                                                                                                                    				E00007FF77FF727FF4CA0(_t136, _t143,  &_v120,  &_v136, _t162,  &_v168);
                                                                                                                                                                                                    				if (_v88 != _v96) goto 0x28029774;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x20)) !=  *((intOrPtr*)(_t143 + 0x18))) goto 0x28029788;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t106 == 0) goto 0x2802979f;
                                                                                                                                                                                                    				r9d = _t106;
                                                                                                                                                                                                    				E00007FF77FF728027870(_t106, _t159 + 0x20,  *((intOrPtr*)(_t143 + 0x18)), _v96);
                                                                                                                                                                                                    				_t164 =  *((intOrPtr*)(_t159 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t159 + 0x258)) - _t164 <= 0) goto 0x280297b4;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v136 =  *((intOrPtr*)(_t159 + 0x240));
                                                                                                                                                                                                    				_v128 = _t164;
                                                                                                                                                                                                    				_t165 = _v88;
                                                                                                                                                                                                    				if (_v96 - _t165 <= 0) goto 0x280297d9;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v152 = _v120;
                                                                                                                                                                                                    				_v144 = _t165;
                                                                                                                                                                                                    				_t166 = _v96;
                                                                                                                                                                                                    				if (_t166 - _v88 <= 0) goto 0x28029801;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v72 = _v120;
                                                                                                                                                                                                    				_v64 = _t166;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x90], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_v184 = _v168 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FF9750( *(_t159 + 0x2a4) * _t106, _t143, _t159 + 0x240,  &_v136, _t166,  &_v72,  &_v152);
                                                                                                                                                                                                    				_t160 =  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t160 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0x2802986e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t167 =  *_t143;
                                                                                                                                                                                                    				if (_t167 != 0) goto 0x28029880;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28029883;
                                                                                                                                                                                                    				_t161 = _t160 + _t182;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)( *_t167 + 0x20)) > 0) goto 0x2802989e;
                                                                                                                                                                                                    				if (_t167 == 0) goto 0x28029896;
                                                                                                                                                                                                    				goto 0x28029898;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)( *_t167 + 0x18)) >= 0) goto 0x280298a3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t168 =  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t168 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0x280298b2;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t143 == 0) goto 0x280298c3;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t168 > 0) goto 0x280298c3;
                                                                                                                                                                                                    				if (_t168 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0x280298c8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t171 =  *_t143;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t161 > 0) goto 0x280298d7;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0x280298dc;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t171 == 0) goto 0x280298e6;
                                                                                                                                                                                                    				if (_t171 ==  *_t143) goto 0x280298eb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t168 == _t161) goto 0x28029912;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)(_t143 + 0x20)) - _t161;
                                                                                                                                                                                                    				if (_t158 <= 0) goto 0x2802990e;
                                                                                                                                                                                                    				E00007FF77FF728004070(_t168, _t158, _t161, _t158);
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x20)) = _t158 + _t168;
                                                                                                                                                                                                    				if (_v96 == 0) goto 0x28029921;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t167, _t143, _v96, _t158, _t168, _t161, _t158);
                                                                                                                                                                                                    				_v96 = 0;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				_v80 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t167, _t143, _v120, _t158, _t168, _t161, _t158);
                                                                                                                                                                                                    				goto 0x28029952;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff72802974b
                                                                                                                                                                                                    0x7ff72802975a
                                                                                                                                                                                                    0x7ff72802976d
                                                                                                                                                                                                    0x7ff72802976f
                                                                                                                                                                                                    0x7ff728029781
                                                                                                                                                                                                    0x7ff728029783
                                                                                                                                                                                                    0x7ff72802978a
                                                                                                                                                                                                    0x7ff728029790
                                                                                                                                                                                                    0x7ff72802979a
                                                                                                                                                                                                    0x7ff72802979f
                                                                                                                                                                                                    0x7ff7280297ad
                                                                                                                                                                                                    0x7ff7280297af
                                                                                                                                                                                                    0x7ff7280297bb
                                                                                                                                                                                                    0x7ff7280297c0
                                                                                                                                                                                                    0x7ff7280297c5
                                                                                                                                                                                                    0x7ff7280297d2
                                                                                                                                                                                                    0x7ff7280297d4
                                                                                                                                                                                                    0x7ff7280297de
                                                                                                                                                                                                    0x7ff7280297e3
                                                                                                                                                                                                    0x7ff7280297e8
                                                                                                                                                                                                    0x7ff7280297f5
                                                                                                                                                                                                    0x7ff7280297f7
                                                                                                                                                                                                    0x7ff728029801
                                                                                                                                                                                                    0x7ff728029809
                                                                                                                                                                                                    0x7ff728029811
                                                                                                                                                                                                    0x7ff728029816
                                                                                                                                                                                                    0x7ff72802981c
                                                                                                                                                                                                    0x7ff728029824
                                                                                                                                                                                                    0x7ff72802982d
                                                                                                                                                                                                    0x7ff728029832
                                                                                                                                                                                                    0x7ff72802983d
                                                                                                                                                                                                    0x7ff72802985a
                                                                                                                                                                                                    0x7ff72802985f
                                                                                                                                                                                                    0x7ff728029867
                                                                                                                                                                                                    0x7ff728029869
                                                                                                                                                                                                    0x7ff72802986e
                                                                                                                                                                                                    0x7ff728029874
                                                                                                                                                                                                    0x7ff728029876
                                                                                                                                                                                                    0x7ff72802987b
                                                                                                                                                                                                    0x7ff72802987e
                                                                                                                                                                                                    0x7ff728029883
                                                                                                                                                                                                    0x7ff72802988a
                                                                                                                                                                                                    0x7ff72802988f
                                                                                                                                                                                                    0x7ff728029894
                                                                                                                                                                                                    0x7ff72802989c
                                                                                                                                                                                                    0x7ff72802989e
                                                                                                                                                                                                    0x7ff7280298a3
                                                                                                                                                                                                    0x7ff7280298ab
                                                                                                                                                                                                    0x7ff7280298ad
                                                                                                                                                                                                    0x7ff7280298b5
                                                                                                                                                                                                    0x7ff7280298bb
                                                                                                                                                                                                    0x7ff7280298c1
                                                                                                                                                                                                    0x7ff7280298c3
                                                                                                                                                                                                    0x7ff7280298c8
                                                                                                                                                                                                    0x7ff7280298cf
                                                                                                                                                                                                    0x7ff7280298d5
                                                                                                                                                                                                    0x7ff7280298d7
                                                                                                                                                                                                    0x7ff7280298df
                                                                                                                                                                                                    0x7ff7280298e4
                                                                                                                                                                                                    0x7ff7280298e6
                                                                                                                                                                                                    0x7ff7280298ee
                                                                                                                                                                                                    0x7ff7280298f4
                                                                                                                                                                                                    0x7ff7280298fe
                                                                                                                                                                                                    0x7ff728029909
                                                                                                                                                                                                    0x7ff72802990e
                                                                                                                                                                                                    0x7ff72802991a
                                                                                                                                                                                                    0x7ff72802991c
                                                                                                                                                                                                    0x7ff728029921
                                                                                                                                                                                                    0x7ff72802992a
                                                                                                                                                                                                    0x7ff728029936
                                                                                                                                                                                                    0x7ff728029947
                                                                                                                                                                                                    0x7ff72802994e
                                                                                                                                                                                                    0x7ff72802995f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$_errnomalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1149948996-0
                                                                                                                                                                                                    • Opcode ID: 862ef2bf900044cd6533764cdbe942e68350a6ca9e47dc2d25e2abce830e237e
                                                                                                                                                                                                    • Instruction ID: b9f80cf9bd3aedb9d6c39b5b7a172d2a3890076738ce6ea6687576d8fa5085f0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 862ef2bf900044cd6533764cdbe942e68350a6ca9e47dc2d25e2abce830e237e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71816322E08A8182E670BF25DC007ADE3A4FF84B94F944133EA9C176DDDF6DE4518B64
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF77FF72800953C(void* __eflags, void* __rax, void* __rcx, signed int _a8, signed int _a16, void* _a24, long long _a32) {
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				void* _v104;
                                                                                                                                                                                                    				signed int _v112;
                                                                                                                                                                                                    				signed int _v120;
                                                                                                                                                                                                    				signed int _v128;
                                                                                                                                                                                                    				signed int _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                    				long long _t98;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				signed int _t106;
                                                                                                                                                                                                    				signed int _t124;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				signed long long _t133;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t97 = __rax;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_v168 = r14d;
                                                                                                                                                                                                    				_a8 = _a8 & r14d;
                                                                                                                                                                                                    				_v128 = _v128 & _t133;
                                                                                                                                                                                                    				_v136 = _v136 & _t133;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, __eflags, __rax);
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t97 + 0xf8));
                                                                                                                                                                                                    				_a32 = _t98;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, __eflags, _t98);
                                                                                                                                                                                                    				_a24 =  *((intOrPtr*)(_t98 + 0xf0));
                                                                                                                                                                                                    				_t124 =  *((intOrPtr*)(__rcx + 0x50));
                                                                                                                                                                                                    				_a16 = _t124;
                                                                                                                                                                                                    				_v144 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				_t101 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				_v112 = _t101;
                                                                                                                                                                                                    				_v104 =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _t124;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				 *((long long*)(_t101 + 0xf8)) =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				E00007FF77FF7280076A4(_t101,  &_v80,  *((intOrPtr*)( *(_t101 + 0xf0) + 0x28)));
                                                                                                                                                                                                    				_v120 = _t101;
                                                                                                                                                                                                    				_t88 =  *((intOrPtr*)(__rcx + 0x58)) - _t133;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x58)) == _t133) goto 0x28009625;
                                                                                                                                                                                                    				_a8 = 1;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80,  *((intOrPtr*)(__rcx + 0x58)) - _t133, _t101);
                                                                                                                                                                                                    				_t106 =  *((intOrPtr*)(_t101 + 0x138));
                                                                                                                                                                                                    				_v136 = _t106;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80,  *((intOrPtr*)(__rcx + 0x58)) - _t133, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _t106;
                                                                                                                                                                                                    				r8d = 0x100;
                                                                                                                                                                                                    				E00007FF77FF72802C050(_v112,  *((intOrPtr*)(__rcx + 0x28)), _t127);
                                                                                                                                                                                                    				_v128 = _t101;
                                                                                                                                                                                                    				_v168 = 1;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t80, _t88, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0x2c0) =  *(_t101 + 0x2c0) & 0x00000000;
                                                                                                                                                                                                    				if (_a8 == 0) goto 0x28009699;
                                                                                                                                                                                                    				E00007FF77FF7280093E4(1, _a16);
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_v136 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				goto 0x280096b4;
                                                                                                                                                                                                    				_t126 = _a16;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t126 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _v168;
                                                                                                                                                                                                    				E00007FF77FF72800771C(_t101, _v128, _v120);
                                                                                                                                                                                                    				if (r14d != 0) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *_t126 != 0xe06d7363) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x18)) != 4) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) == 0x19930520) goto 0x28009706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) == 0x19930521) goto 0x28009706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) != 0x19930522) goto 0x2800971d;
                                                                                                                                                                                                    				if (E00007FF77FF7280076E8(_t101,  *((intOrPtr*)(_t126 + 0x28))) == 0) goto 0x2800971d;
                                                                                                                                                                                                    				E00007FF77FF7280093E4(1, _t126);
                                                                                                                                                                                                    				E00007FF77FF72800B93C( *_t126, E00007FF77FF7280076E8(_t101,  *((intOrPtr*)(_t126 + 0x28))), _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _a24;
                                                                                                                                                                                                    				_t79 = E00007FF77FF72800B93C( *_t126, E00007FF77FF7280076E8(_t101,  *((intOrPtr*)(_t126 + 0x28))), _t101);
                                                                                                                                                                                                    				 *((long long*)(_t101 + 0xf8)) = _a32;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_v144 + 0x1c)) +  *_v104)) = 0xfffffffe;
                                                                                                                                                                                                    				return _t79;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$CreateFrameInfo
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 4181383844-1018135373
                                                                                                                                                                                                    • Opcode ID: 37636cbeaf357c96540da33d70be5943baabf356ee6162a4f4101045cc2b1b7a
                                                                                                                                                                                                    • Instruction ID: 0a4c3654299a574474930022ca8a1967e170c096f299acb7abc08469de33fab8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37636cbeaf357c96540da33d70be5943baabf356ee6162a4f4101045cc2b1b7a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E415032A09B8282D670AF15EC403B9F7A4FB84B91F844136DAAD17BD6DF39D0518F14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF77FF7280291A0(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
    long long _v56;
    long long _v64;
    long long _v72;
    long long _v80;
    char _v104;
    long long _v112;
    long long _v120;
    long long _v128;
    char _v152;
    long long _v160;
    char _v168;
    long long _v176;
    char _v184;
    long long _v192;
    char _v200;
    signed int _v216;
    char _v232;
    signed int _t142;
    signed int _t180;
    signed int _t202;
    void* _t209;
    signed long long _t210;
    long long* _t212;
    long long _t218;
    long long* _t220;
    long long* _t223;
    long long _t230;
    signed long long _t238;
    signed long long _t245;
    void* _t264;
    long long _t267;
    long long _t268;
    long long _t269;
    long long _t274;
    long long _t275;
    long long _t276;
    void* _t284;

    _t230 = __rbx;
    _t209 = _t284;
    _v56 = 0xfffffffe;
     *((long long*)(_t209 + 0x10)) = __rbx;
     *((long long*)(_t209 + 0x18)) = __rbp;
     *((long long*)(_t209 + 0x20)) = __rsi;
    _t210 =  *0x28040430; // 0x449f3b8ca6a
    _v48 = _t210 ^ _t284 - 0x000000e0;
    _t264 = __rcx;
    _t212 =  *((intOrPtr*)(__rcx + 0x230));
    if (_t212 !=  *((intOrPtr*)(__rcx + 0x228))) goto 0x28029372;
    E00007FF77FF7280045E0(_t212, __rcx);
    if (_t212 == 0) goto 0x28029216;
     *_t212 =  &_v152;
    goto 0x28029219;
    _v152 = __rbx;
    _v216 = sil;
    E00007FF77FF727FF4CA0(__rbx, __rbx,  &_v152, __rdx, __rsi,  &_v216);
    if ( *((intOrPtr*)(_t264 + 0x290)) !=  *((intOrPtr*)(_t264 + 0x288))) goto 0x2802924c;
    E00007FF77FF7280044B8();
    if (_v120 != _v128) goto 0x28029275;
    E00007FF77FF7280044B8();
    E00007FF77FF728022840(_v120, _t264 + 0x20, _v128,  *((intOrPtr*)(_t264 + 0x288)));
    _t267 =  *((intOrPtr*)(_t264 + 0x260));
    if ( *((intOrPtr*)(_t264 + 0x258)) - _t267 <= 0) goto 0x28029296;
    E00007FF77FF7280044B8();
    _v184 =  *((intOrPtr*)(_t264 + 0x240));
    _v176 = _t267;
    _t268 =  *((intOrPtr*)(_t264 + 0x290));
    if ( *((intOrPtr*)(_t264 + 0x288)) - _t268 <= 0) goto 0x280292bc;
    E00007FF77FF7280044B8();
    _v168 =  *((intOrPtr*)(_t264 + 0x270));
    _v160 = _t268;
    _t269 =  *((intOrPtr*)(_t264 + 0x288));
    if (_t269 -  *((intOrPtr*)(_t264 + 0x290)) <= 0) goto 0x280292e2;
    E00007FF77FF7280044B8();
    _t218 =  *((intOrPtr*)(_t264 + 0x270));
    _v200 = _t218;
    _v192 = _t269;
    asm("movaps xmm0, [esp+0x60]");
    asm("movdqa [esp+0x60], xmm0");
    asm("movaps xmm1, [esp+0x40]");
    asm("movdqa [esp+0x40], xmm1");
    asm("movaps xmm0, [esp+0x50]");
    asm("movdqa [esp+0x50], xmm0");
    _v232 = _v216 & 0x000000ff;
    E00007FF77FF727FF9750(sil & 0xffffffff, _t230, _t264 + 0x240,  &_v184, _t269,  &_v200,  &_v168);
    if (_v128 == 0) goto 0x2802934b;
    E00007FF77FF7280044D8(_t218, _t230, _v128,  &_v184, _t269,  &_v200,  &_v168);
    _v128 = _t230;
    _v120 = _t230;
    _v112 = _t230;
    _t238 = _v152;
    _t142 = E00007FF77FF7280044D8(_t218, _t230, _t238,  &_v184, _t269,  &_v200,  &_v168);
    goto 0x28029646;
    _t180 = _t142 % _t238;
    if (_t180 != 0) goto 0x2802939f;
    _v216 =  *(_t264 + 0x2a4) & 0x000000ff;
    goto 0x280293c2;
    _v216 = ( *(_t264 + 0x2a4) & 0x000000ff) - _t180;
    _t220 = _t218 -  *((intOrPtr*)(_t238 + 0x228));
    E00007FF77FF7280045E0(_t220, _t238);
    if (_t220 == 0) goto 0x280293dd;
     *_t220 =  &_v152;
    goto 0x280293e0;
    _v152 = _t230;
    E00007FF77FF727FF4CA0(_t230, _t230,  &_v152, (_t220 + 1) * _t238, _t269,  &_v216);
    if ( *((intOrPtr*)(_t264 + 0x230)) !=  *((intOrPtr*)(_t264 + 0x228))) goto 0x2802941b;
    E00007FF77FF7280044B8();
    _t223 = _v120;
    if (_t223 != _v128) goto 0x28029444;
    E00007FF77FF7280044B8();
    E00007FF77FF72800AE90(8, _t223 - _v128, _v128,  *((intOrPtr*)(_t264 + 0x228)),  *((intOrPtr*)(_t264 + 0x230)) -  *((intOrPtr*)(_t264 + 0x228)));
    _v216 = 0;
    E00007FF77FF7280045E0(_t223, _v128);
    if (_t223 == 0) goto 0x28029470;
     *_t223 =  &_v104;
    goto 0x28029473;
    _v104 = _t230;
    E00007FF77FF727FF4CA0(_t230, _t230,  &_v104, (_t220 + 1) * _t238,  *((intOrPtr*)(_t264 + 0x228)),  &_v216);
    if (_v72 != _v80) goto 0x280294a8;
    E00007FF77FF7280044B8();
    _t245 = _v120;
    if (_t245 != _v128) goto 0x280294d2;
    _t202 = E00007FF77FF7280044B8() / _t245;
    if (_t202 == 0) goto 0x2802950b;
    r12d =  *(_t264 + 0x20);
    r12d = r12d << 2;
    E00007FF77FF728022840((_t220 + 1) * _t238, _t264 + 0x20, _v128, _v80);
    r13d = r13d + 0xffffffff;
    if (_t202 != 0) goto 0x280294f0;
    _t274 =  *((intOrPtr*)(_t264 + 0x260));
    if ( *((intOrPtr*)(_t264 + 0x258)) - _t274 <= 0) goto 0x28029520;
    E00007FF77FF7280044B8();
    _v168 =  *((intOrPtr*)(_t264 + 0x240));
    _v160 = _t274;
    _t275 = _v72;
    if (_v80 - _t275 <= 0) goto 0x28029548;
    E00007FF77FF7280044B8();
    _v184 = _v104;
    _v176 = _t275;
    _t276 = _v80;
    if (_t276 - _v72 <= 0) goto 0x28029579;
    E00007FF77FF7280044B8();
    _v200 = _v104;
    _v192 = _t276;
    asm("movaps xmm0, [esp+0x50]");
    asm("movdqa [esp+0x50], xmm0");
    asm("movaps xmm1, [esp+0x40]");
    asm("movdqa [esp+0x40], xmm1");
    asm("movaps xmm0, [esp+0x60]");
    asm("movdqa [esp+0x60], xmm0");
    _v232 = _v216 & 0x000000ff;
    E00007FF77FF727FF9750(_t154 % _t245, _t230, _t264 + 0x240,  &_v168, _t276,  &_v200,  &_v184);
    r8d = 0;
    E00007FF77FF727FF4D20(_t264 + 0x210,  &_v168);
    if (_v80 == 0) goto 0x280295ec;
    E00007FF77FF7280044D8(_v104, _t230, _v80,  &_v168, _t276,  &_v200,  &_v184);
    _v80 = _t230;
    _v72 = _t230;
                                                                                                                                                                                                    				_v64 = _t230;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v104, _t230, _v104,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				if (_v128 == 0) goto 0x28029624;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v104, _t230, _v128,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				_v128 = _t230;
                                                                                                                                                                                                    				_v120 = _t230;
                                                                                                                                                                                                    				_v112 = _t230;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v104, _t230, _v152,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				return E00007FF77FF728004050( *(_t264 + 0x2a4), _v48 ^ _t284 - 0x000000e0,  &_v168,  &_v200,  &_v184);
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: f4cbc4c68556a3b7f8acf23e6ad581c02c96a0da4a1036aa3f1361d0f83fc89d
                                                                                                                                                                                                    • Instruction ID: 300418f6dc77d8051d766f597d84e8207d29c2c257710b542c46af318d6863ee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4cbc4c68556a3b7f8acf23e6ad581c02c96a0da4a1036aa3f1361d0f83fc89d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AD18222A0DBC182D664AB65E8406AEF3A4FB85740F844132EBDC53BD9CF7DE455CB24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 28%
                                                                                                                                                                                                    			E00007FF77FF728018BD0(void* __ebx, void* __edx, void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                    				long long _t83;
                                                                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t48 = __ebx;
                                                                                                                                                                                                    				_v40 = 0xfffffffe;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rbp;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_t83 = __rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0x28018d4e;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF728018830(__edx,  *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rsi);
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                                                                                                                                    				if (_t54 != 0) goto 0x28018c50;
                                                                                                                                                                                                    				asm("lock xadd [edi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t54 < 0) goto 0x28018d4e;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0x28018d4e;
                                                                                                                                                                                                    				asm("lock bts dword [edi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0x28018d4e;
                                                                                                                                                                                                    				E00007FF77FF7280187E0(_t83);
                                                                                                                                                                                                    				SetEvent(??);
                                                                                                                                                                                                    				goto 0x28018d4e;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t83 + 0x10)) =  *((intOrPtr*)(_t83 + 0x10)) -  *((intOrPtr*)(_t83 + 0x10));
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                                                                    				_t85 =  *((intOrPtr*)(_t83 + 0x30));
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)(_t83 + 0x38)) <= 0) goto 0x28018c76;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t70 =  *((intOrPtr*)(_t83 + 0x18));
                                                                                                                                                                                                    				_t89 =  *((intOrPtr*)(_t83 + 0x38));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t83 + 0x30)) - _t89 <= 0) goto 0x28018c89;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t70 == 0) goto 0x28018c9a;
                                                                                                                                                                                                    				if (_t70 ==  *((intOrPtr*)(_t83 + 0x18))) goto 0x28018c9f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t85 == _t89) goto 0x28018cfa;
                                                                                                                                                                                                    				if (_t70 != 0) goto 0x28018cb3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018cb6;
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)( *_t70 + 0x20)) < 0) goto 0x28018cc1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((char*)( *_t85 + 0x14)) = 1;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                                                                    				if (_t70 != 0) goto 0x28018ce6;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0x28018ce9;
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)( *_t70 + 0x20)) < 0) goto 0x28018cf4;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x28018c90;
                                                                                                                                                                                                    				E00007FF77FF728018120(_t48, _t49,  *((intOrPtr*)( *_t85 + 0x10)), _t70, _t83 + 0x18, __r9,  *((intOrPtr*)(_t83 + 0x18)));
                                                                                                                                                                                                    				_t79 =  *((intOrPtr*)(_t83 + 0x48));
                                                                                                                                                                                                    				if (_t79 == 0) goto 0x28018d18;
                                                                                                                                                                                                    				_t66 = _t79 - 0xffffffff;
                                                                                                                                                                                                    				if (_t66 == 0) goto 0x28018d18;
                                                                                                                                                                                                    				CloseHandle(??);
                                                                                                                                                                                                    				 *((long long*)(_t83 + 0x48)) = 0;
                                                                                                                                                                                                    				asm("lock xadd [edi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t66 < 0) goto 0x28018d4e;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0x28018d4e;
                                                                                                                                                                                                    				asm("lock bts dword [edi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0x28018d4e;
                                                                                                                                                                                                    				E00007FF77FF7280187E0(_t83);
                                                                                                                                                                                                    				return SetEvent(??);
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x7ff728018cfe
                                                                                                                                                                                                    0x7ff728018d03
                                                                                                                                                                                                    0x7ff728018d0a
                                                                                                                                                                                                    0x7ff728018d0c
                                                                                                                                                                                                    0x7ff728018d10
                                                                                                                                                                                                    0x7ff728018d12
                                                                                                                                                                                                    0x7ff728018d18
                                                                                                                                                                                                    0x7ff728018d25
                                                                                                                                                                                                    0x7ff728018d29
                                                                                                                                                                                                    0x7ff728018d2d
                                                                                                                                                                                                    0x7ff728018d34
                                                                                                                                                                                                    0x7ff728018d36
                                                                                                                                                                                                    0x7ff728018d3b
                                                                                                                                                                                                    0x7ff728018d40
                                                                                                                                                                                                    0x7ff728018d66

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1624490810-0
                                                                                                                                                                                                    • Opcode ID: c0190eb963667e3a822ce395726a3cc2af1d6bc88ac9c223897c4959d47fd861
                                                                                                                                                                                                    • Instruction ID: 0fc5fabe7979f43d2288c7bedb207bb9c3768c0cbf94d3790eebd2a46be82e1b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0190eb963667e3a822ce395726a3cc2af1d6bc88ac9c223897c4959d47fd861
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6419022E09A0286EA70BB25DD04238E361FF40770F945132DA2C47AD1DF3EE5618B6C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 19%
                                                                                                                                                                                                    			E00007FF77FF72800B960(void* __edi, void* __esi, long long __rbx, void* __rcx, void* __rsi, long long _a8, long long _a16) {
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				long long _t54;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__rcx == 0) goto 0x2800ba94;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x38)) == 0) goto 0x2800b984;
                                                                                                                                                                                                    				free(_t59);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x48)) == 0) goto 0x2800b992;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x58)) == 0) goto 0x2800b9a0;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x68)) == 0) goto 0x2800b9ae;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x70)) == 0) goto 0x2800b9bc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x78)) == 0) goto 0x2800b9ca;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x80)) == 0) goto 0x2800b9db;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0xa0)) == 0x28031be0) goto 0x2800b9f3;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(__rcx + 0xb8));
                                                                                                                                                                                                    				_a8 = _t54;
                                                                                                                                                                                                    				_t33 = _t54;
                                                                                                                                                                                                    				if (_t33 == 0) goto 0x2800ba2c;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t33 != 0) goto 0x2800ba2c;
                                                                                                                                                                                                    				if (_a8 == 0x28040bb0) goto 0x2800ba2c;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)(__rcx + 0xc0));
                                                                                                                                                                                                    				if (_t60 == 0) goto 0x2800ba78;
                                                                                                                                                                                                    				E00007FF77FF72800809C(_t15, _t60, _t66);
                                                                                                                                                                                                    				_t36 = _t60 -  *0x28040b90; // 0x1034b80
                                                                                                                                                                                                    				if (_t36 == 0) goto 0x2800ba78;
                                                                                                                                                                                                    				if (_t60 == 0x28040a30) goto 0x2800ba78;
                                                                                                                                                                                                    				if ( *_t60 != 0) goto 0x2800ba78;
                                                                                                                                                                                                    				_t17 = E00007FF77FF728007E88(__rcx, _t60, __rsi, _t66);
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return _t17;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_lock$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1575098132-0
                                                                                                                                                                                                    • Opcode ID: e75674a27ccaf353bf9c4577a142a6384d94bbdb2786d43ce8d8575ba90e4d59
                                                                                                                                                                                                    • Instruction ID: c42fbefc2995a9fef7228e4f63ad4c0949995bf98de8cacf8ac5b4736669ea86
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e75674a27ccaf353bf9c4577a142a6384d94bbdb2786d43ce8d8575ba90e4d59
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05311B11A0F94344FEB4BBA19C6177CE255EF81B84F884537D92E076C6AE1EA8409B3D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                    			E00007FF77FF727FFAC50(long long __rcx, void* __rdx, intOrPtr* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				void* _t197;
                                                                                                                                                                                                    				void* _t198;
                                                                                                                                                                                                    				intOrPtr _t250;
                                                                                                                                                                                                    				signed long long _t256;
                                                                                                                                                                                                    				long long* _t263;
                                                                                                                                                                                                    				intOrPtr _t265;
                                                                                                                                                                                                    				intOrPtr _t267;
                                                                                                                                                                                                    				intOrPtr _t278;
                                                                                                                                                                                                    				intOrPtr* _t283;
                                                                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                                                                    				intOrPtr _t295;
                                                                                                                                                                                                    				intOrPtr _t298;
                                                                                                                                                                                                    				intOrPtr _t300;
                                                                                                                                                                                                    				long long _t303;
                                                                                                                                                                                                    				long long _t305;
                                                                                                                                                                                                    				long long _t306;
                                                                                                                                                                                                    				long long _t307;
                                                                                                                                                                                                    				intOrPtr _t308;
                                                                                                                                                                                                    				long long _t309;
                                                                                                                                                                                                    				long long _t310;
                                                                                                                                                                                                    				intOrPtr _t311;
                                                                                                                                                                                                    				signed long long _t312;
                                                                                                                                                                                                    				long long* _t314;
                                                                                                                                                                                                    				intOrPtr* _t315;
                                                                                                                                                                                                    				intOrPtr* _t327;
                                                                                                                                                                                                    				intOrPtr* _t329;
                                                                                                                                                                                                    				intOrPtr _t330;
                                                                                                                                                                                                    				intOrPtr* _t336;
                                                                                                                                                                                                    				long long* _t341;
                                                                                                                                                                                                    				long long* _t369;
                                                                                                                                                                                                    				long long* _t370;
                                                                                                                                                                                                    				long long* _t372;
                                                                                                                                                                                                    				signed long long _t374;
                                                                                                                                                                                                    				long long* _t375;
                                                                                                                                                                                                    				long long* _t377;
                                                                                                                                                                                                    				signed long long _t378;
                                                                                                                                                                                                    				signed long long _t380;
                                                                                                                                                                                                    				signed long long _t382;
                                                                                                                                                                                                    				intOrPtr* _t386;
                                                                                                                                                                                                    				intOrPtr* _t387;
                                                                                                                                                                                                    				intOrPtr _t389;
                                                                                                                                                                                                    				long long _t391;
                                                                                                                                                                                                    				long long _t392;
                                                                                                                                                                                                    				intOrPtr _t393;
                                                                                                                                                                                                    				long long _t395;
                                                                                                                                                                                                    				long long _t396;
                                                                                                                                                                                                    				signed long long _t397;
                                                                                                                                                                                                    				intOrPtr _t413;
                                                                                                                                                                                                    				intOrPtr* _t415;
                                                                                                                                                                                                    				void* _t416;
                                                                                                                                                                                                    				long long _t417;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x160)) = 0xfffffffe;
                                                                                                                                                                                                    				asm("movaps [esp+0x1b0], xmm6");
                                                                                                                                                                                                    				_t256 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t397 + 0x1a8) = _t256 ^ _t397;
                                                                                                                                                                                                    				_t415 = __r8;
                                                                                                                                                                                                    				_t416 = __rdx;
                                                                                                                                                                                                    				_t396 = __rcx;
                                                                                                                                                                                                    				_t314 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t314 =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 8)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 0x10)) =  *((intOrPtr*)(__r9 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 0x18)) =  *((intOrPtr*)(__r9 + 0x18));
                                                                                                                                                                                                    				_t369 = _t397 + 0x100;
                                                                                                                                                                                                    				_t315 =  *((intOrPtr*)(_t397 + 0x220));
                                                                                                                                                                                                    				 *_t369 =  *_t315;
                                                                                                                                                                                                    				_t263 =  *((intOrPtr*)(_t315 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t369 + 8)) = _t263;
                                                                                                                                                                                                    				E00007FF77FF7280045E0(_t263, _t315);
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				if (_t263 == 0) goto 0x27ffacf4;
                                                                                                                                                                                                    				 *_t263 = _t397 + 0xa0;
                                                                                                                                                                                                    				goto 0x27ffacf7;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xa0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc8)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd8)) = _t417;
                                                                                                                                                                                                    				_t265 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0x27ffad32;
                                                                                                                                                                                                    				goto 0x27ffad39;
                                                                                                                                                                                                    				_t386 = _t396 + 8;
                                                                                                                                                                                                    				_t303 = _t386;
                                                                                                                                                                                                    				if (_t303 == 0) goto 0x27ffad6c;
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0x27ffad49;
                                                                                                                                                                                                    				goto 0x27ffad4c;
                                                                                                                                                                                                    				if (_t386 - _t303 > 0) goto 0x27ffad6c;
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0x27ffad5c;
                                                                                                                                                                                                    				goto 0x27ffad5f;
                                                                                                                                                                                                    				if (_t303 - _t386 +  *(_t396 + 0x18) * 2 <= 0) goto 0x27ffad71;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t303;
                                                                                                                                                                                                    				_t267 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0x27ffad90;
                                                                                                                                                                                                    				goto 0x27ffad93;
                                                                                                                                                                                                    				_t305 = _t386;
                                                                                                                                                                                                    				if (_t305 == 0) goto 0x27ffadc6;
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0x27ffada3;
                                                                                                                                                                                                    				goto 0x27ffada6;
                                                                                                                                                                                                    				if (_t386 - _t305 > 0) goto 0x27ffadc6;
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0x27ffadb6;
                                                                                                                                                                                                    				goto 0x27ffadb9;
                                                                                                                                                                                                    				if (_t305 - _t386 +  *(_t396 + 0x18) * 2 <= 0) goto 0x27ffadcb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x90)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x98)) = _t305;
                                                                                                                                                                                                    				_t389 =  *((intOrPtr*)(_t397 + 0xe0));
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x80]");
                                                                                                                                                                                                    				if (_t389 == 0xfffffffc) goto 0x27ffae0a;
                                                                                                                                                                                                    				if (_t389 == 0) goto 0x27ffae05;
                                                                                                                                                                                                    				if (_t389 ==  *((intOrPtr*)(_t397 + 0xf0))) goto 0x27ffae0a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xe8)) ==  *((intOrPtr*)(_t397 + 0xf8))) goto 0x27ffb04c;
                                                                                                                                                                                                    				_t370 = _t397 + 0x150;
                                                                                                                                                                                                    				_t327 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t370 =  *_t327;
                                                                                                                                                                                                    				 *((long long*)(_t370 + 8)) =  *((intOrPtr*)(_t327 + 8));
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x170], xmm0");
                                                                                                                                                                                                    				asm("movdqa [esp+0x140], xmm6");
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x30)) = _t397 + 0x150;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x28)) = _t397 + 0x170;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x20)) = _t397 + 0x140;
                                                                                                                                                                                                    				E00007FF77FF727FFB470(_t397 + 0x130, _t397 + 0xa0);
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x130]");
                                                                                                                                                                                                    				_t372 = _t397 + 0x90;
                                                                                                                                                                                                    				_t329 = _t397 + 0xf0;
                                                                                                                                                                                                    				 *_t372 =  *_t329;
                                                                                                                                                                                                    				 *((long long*)(_t372 + 8)) =  *((intOrPtr*)(_t329 + 8));
                                                                                                                                                                                                    				_t330 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				_t391 =  *((intOrPtr*)(_t397 + 0xd8)) + _t330;
                                                                                                                                                                                                    				if (_t330 - _t391 <= 0) goto 0x27ffaedf;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t391;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x120], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t397 + 0x20)) =  *(_t397 + 0x40) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FFBE60(_t305, _t397 + 0xa0, _t397 + 0x120, _t391,  *((intOrPtr*)(_t397 + 0x100)),  *((intOrPtr*)(_t397 + 0x108)));
                                                                                                                                                                                                    				_t278 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0x27ffaf40;
                                                                                                                                                                                                    				goto 0x27ffaf43;
                                                                                                                                                                                                    				_t374 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t392 = _t386 + _t374 * 2;
                                                                                                                                                                                                    				if (_t392 == 0) goto 0x27ffaf7a;
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0x27ffaf5b;
                                                                                                                                                                                                    				goto 0x27ffaf5e;
                                                                                                                                                                                                    				if (_t386 - _t392 > 0) goto 0x27ffaf7a;
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0x27ffaf6e;
                                                                                                                                                                                                    				goto 0x27ffaf71;
                                                                                                                                                                                                    				if (_t392 - _t386 + _t374 * 2 <= 0) goto 0x27ffaf7f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t392;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                                                                    				_t375 = _t397 + 0x60;
                                                                                                                                                                                                    				_t336 = _t397 + 0xf0;
                                                                                                                                                                                                    				 *_t375 =  *_t336;
                                                                                                                                                                                                    				_t283 =  *((intOrPtr*)(_t336 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t375 + 8)) = _t283;
                                                                                                                                                                                                    				E00007FF77FF727FFA9F0(_t305, _t416, _t397 + 0x180, _t392, _t397 + 0x60, _t397 + 0x70);
                                                                                                                                                                                                    				_t377 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t377 =  *_t283;
                                                                                                                                                                                                    				 *((long long*)(_t377 + 8)) =  *((intOrPtr*)(_t283 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t377 + 0x10)) =  *((intOrPtr*)(_t283 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t377 + 0x18)) =  *((intOrPtr*)(_t283 + 0x18));
                                                                                                                                                                                                    				_t393 =  *((intOrPtr*)(_t397 + 0xe0));
                                                                                                                                                                                                    				if (_t393 == 0xfffffffc) goto 0x27ffb011;
                                                                                                                                                                                                    				if (_t393 == 0) goto 0x27ffb00c;
                                                                                                                                                                                                    				if (_t393 ==  *((intOrPtr*)(_t397 + 0xf0))) goto 0x27ffb011;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xe8)) ==  *((intOrPtr*)(_t397 + 0xf8))) goto 0x27ffadf0;
                                                                                                                                                                                                    				_t341 = _t397 + 0x100;
                                                                                                                                                                                                    				 *_t341 =  *_t415;
                                                                                                                                                                                                    				 *((long long*)(_t341 + 8)) =  *((intOrPtr*)(_t415 + 8));
                                                                                                                                                                                                    				goto 0x27ffadf0;
                                                                                                                                                                                                    				_t288 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0x27ffb05b;
                                                                                                                                                                                                    				goto 0x27ffb05e;
                                                                                                                                                                                                    				_t378 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t306 = _t386 + _t378 * 2;
                                                                                                                                                                                                    				if (_t306 == 0) goto 0x27ffb095;
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0x27ffb076;
                                                                                                                                                                                                    				goto 0x27ffb079;
                                                                                                                                                                                                    				if (_t386 - _t306 > 0) goto 0x27ffb095;
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0x27ffb089;
                                                                                                                                                                                                    				goto 0x27ffb08c;
                                                                                                                                                                                                    				if (_t306 - _t386 + _t378 * 2 <= 0) goto 0x27ffb09a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t306;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				asm("movdqa [esp+0x120], xmm6");
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x30)) = _t397 + 0x60;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x28)) = _t397 + 0x70;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x20)) = _t397 + 0x120;
                                                                                                                                                                                                    				E00007FF77FF727FFB470(_t397 + 0x130, _t397 + 0xa0);
                                                                                                                                                                                                    				_t413 =  *((intOrPtr*)(_t397 + 0xd8));
                                                                                                                                                                                                    				if (_t413 != 0) goto 0x27ffb1a0;
                                                                                                                                                                                                    				_t295 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0x27ffb124;
                                                                                                                                                                                                    				goto 0x27ffb127;
                                                                                                                                                                                                    				_t380 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t307 = _t386 + _t380 * 2;
                                                                                                                                                                                                    				if (_t307 == 0) goto 0x27ffb159;
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0x27ffb13f;
                                                                                                                                                                                                    				goto 0x27ffb142;
                                                                                                                                                                                                    				if (_t386 - _t307 > 0) goto 0x27ffb159;
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0x27ffb150;
                                                                                                                                                                                                    				_t387 =  *_t386;
                                                                                                                                                                                                    				if (_t307 - _t387 + _t380 * 2 <= 0) goto 0x27ffb15e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t307;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x130]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				E00007FF77FF727FF4940(_t307, _t396, _t397 + 0x120,  *((intOrPtr*)(_t397 + 0xe0)), _t396, _t397 + 0x70, _t397 + 0x60);
                                                                                                                                                                                                    				goto 0x27ffb2f3;
                                                                                                                                                                                                    				_t308 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				_t395 = _t413 + _t308;
                                                                                                                                                                                                    				if (_t308 - _t395 <= 0) goto 0x27ffb1c6;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t309 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t395;
                                                                                                                                                                                                    				if (_t309 -  *((intOrPtr*)(_t397 + 0xd8)) + _t309 <= 0) goto 0x27ffb1ee;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t309;
                                                                                                                                                                                                    				_t298 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0x27ffb20d;
                                                                                                                                                                                                    				goto 0x27ffb210;
                                                                                                                                                                                                    				_t382 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t310 = _t387 + _t382 * 2;
                                                                                                                                                                                                    				if (_t310 == 0) goto 0x27ffb242;
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0x27ffb228;
                                                                                                                                                                                                    				goto 0x27ffb22b;
                                                                                                                                                                                                    				if (_t387 - _t310 > 0) goto 0x27ffb242;
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0x27ffb239;
                                                                                                                                                                                                    				if (_t310 -  *_t387 + _t382 * 2 <= 0) goto 0x27ffb247;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x90)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x98)) = _t310;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x1a0)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x198)) = _t417;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t397 + 0x188)) = r14w;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				r9d =  *(_t397 + 0x40) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FFC2A0( *(_t397 + 0x40) & 0x000000ff, _t197, _t198, _t310, _t397 + 0x180, _t397 + 0x70, _t395, _t396, _t397 + 0x60, _t397 + 0x60);
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                                                                    				_t412 = _t397 + 0x180;
                                                                                                                                                                                                    				_t405 = _t397 + 0x60;
                                                                                                                                                                                                    				_t384 = _t397 + 0x70;
                                                                                                                                                                                                    				E00007FF77FF727FF2B00(_t310, _t396, _t397 + 0x70,  *_t387, _t395, _t396, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				if ( *((long long*)(_t397 + 0x1a0)) - 8 < 0) goto 0x27ffb2f3;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *_t387 + _t382 * 2, _t310,  *((intOrPtr*)(_t397 + 0x188)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				_t300 =  *((intOrPtr*)(_t397 + 0xd8));
                                                                                                                                                                                                    				if (_t300 == 0) goto 0x27ffb31b;
                                                                                                                                                                                                    				_t250 = _t300;
                                                                                                                                                                                                    				if (_t250 == 0) goto 0x27ffb31b;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd8)) = _t300 - 1;
                                                                                                                                                                                                    				if (_t250 != 0) goto 0x27ffb300;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd0)) = _t417;
                                                                                                                                                                                                    				_t311 =  *((intOrPtr*)(_t397 + 0xc8));
                                                                                                                                                                                                    				if (_t311 == 0) goto 0x27ffb352;
                                                                                                                                                                                                    				_t312 = _t311 - 1;
                                                                                                                                                                                                    				if ( *((long long*)( *((intOrPtr*)(_t397 + 0xc0)) + _t312 * 8)) == 0) goto 0x27ffb34b;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t300 - 1, _t312,  *((intOrPtr*)( *((intOrPtr*)(_t397 + 0xc0)) + _t312 * 8)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				if (_t312 != 0) goto 0x27ffb330;
                                                                                                                                                                                                    				goto 0x27ffb35a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xc0)) == 0) goto 0x27ffb364;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t300 - 1, _t312,  *((intOrPtr*)(_t397 + 0xc0)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc8)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc0)) = _t417;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t300 - 1, _t312,  *((intOrPtr*)(_t397 + 0xa0)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				_t194 = E00007FF77FF728004050(8,  *(_t397 + 0x1a8) ^ _t397, _t384, _t405, _t412);
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x1b0]");
                                                                                                                                                                                                    				return _t194;
                                                                                                                                                                                                    			}



























































                                                                                                                                                                                                    0x7ff727ffafeb
                                                                                                                                                                                                    0x7ff727ffafef
                                                                                                                                                                                                    0x7ff727ffaffb
                                                                                                                                                                                                    0x7ff727ffb000
                                                                                                                                                                                                    0x7ff727ffb00a
                                                                                                                                                                                                    0x7ff727ffb00c
                                                                                                                                                                                                    0x7ff727ffb021
                                                                                                                                                                                                    0x7ff727ffb027
                                                                                                                                                                                                    0x7ff727ffb033
                                                                                                                                                                                                    0x7ff727ffb03b
                                                                                                                                                                                                    0x7ff727ffb047
                                                                                                                                                                                                    0x7ff727ffb04c
                                                                                                                                                                                                    0x7ff727ffb054
                                                                                                                                                                                                    0x7ff727ffb059
                                                                                                                                                                                                    0x7ff727ffb05e
                                                                                                                                                                                                    0x7ff727ffb062
                                                                                                                                                                                                    0x7ff727ffb069
                                                                                                                                                                                                    0x7ff727ffb06f
                                                                                                                                                                                                    0x7ff727ffb074
                                                                                                                                                                                                    0x7ff727ffb07c
                                                                                                                                                                                                    0x7ff727ffb082
                                                                                                                                                                                                    0x7ff727ffb087
                                                                                                                                                                                                    0x7ff727ffb093
                                                                                                                                                                                                    0x7ff727ffb095
                                                                                                                                                                                                    0x7ff727ffb09a
                                                                                                                                                                                                    0x7ff727ffb09f
                                                                                                                                                                                                    0x7ff727ffb0a4
                                                                                                                                                                                                    0x7ff727ffb0a9
                                                                                                                                                                                                    0x7ff727ffb0af
                                                                                                                                                                                                    0x7ff727ffb0b7
                                                                                                                                                                                                    0x7ff727ffb0bd
                                                                                                                                                                                                    0x7ff727ffb0cb
                                                                                                                                                                                                    0x7ff727ffb0d5
                                                                                                                                                                                                    0x7ff727ffb0e2
                                                                                                                                                                                                    0x7ff727ffb0ff
                                                                                                                                                                                                    0x7ff727ffb104
                                                                                                                                                                                                    0x7ff727ffb10f
                                                                                                                                                                                                    0x7ff727ffb115
                                                                                                                                                                                                    0x7ff727ffb11d
                                                                                                                                                                                                    0x7ff727ffb122
                                                                                                                                                                                                    0x7ff727ffb127
                                                                                                                                                                                                    0x7ff727ffb12b
                                                                                                                                                                                                    0x7ff727ffb132
                                                                                                                                                                                                    0x7ff727ffb138
                                                                                                                                                                                                    0x7ff727ffb13d
                                                                                                                                                                                                    0x7ff727ffb145
                                                                                                                                                                                                    0x7ff727ffb14b
                                                                                                                                                                                                    0x7ff727ffb14d
                                                                                                                                                                                                    0x7ff727ffb157
                                                                                                                                                                                                    0x7ff727ffb159
                                                                                                                                                                                                    0x7ff727ffb15e
                                                                                                                                                                                                    0x7ff727ffb163
                                                                                                                                                                                                    0x7ff727ffb168
                                                                                                                                                                                                    0x7ff727ffb16d
                                                                                                                                                                                                    0x7ff727ffb173
                                                                                                                                                                                                    0x7ff727ffb17b
                                                                                                                                                                                                    0x7ff727ffb196
                                                                                                                                                                                                    0x7ff727ffb19b
                                                                                                                                                                                                    0x7ff727ffb1a0
                                                                                                                                                                                                    0x7ff727ffb1a8
                                                                                                                                                                                                    0x7ff727ffb1af
                                                                                                                                                                                                    0x7ff727ffb1b1
                                                                                                                                                                                                    0x7ff727ffb1be
                                                                                                                                                                                                    0x7ff727ffb1ce
                                                                                                                                                                                                    0x7ff727ffb1d3
                                                                                                                                                                                                    0x7ff727ffb1df
                                                                                                                                                                                                    0x7ff727ffb1e1
                                                                                                                                                                                                    0x7ff727ffb1ee
                                                                                                                                                                                                    0x7ff727ffb1f6
                                                                                                                                                                                                    0x7ff727ffb1fe
                                                                                                                                                                                                    0x7ff727ffb206
                                                                                                                                                                                                    0x7ff727ffb20b
                                                                                                                                                                                                    0x7ff727ffb210
                                                                                                                                                                                                    0x7ff727ffb214
                                                                                                                                                                                                    0x7ff727ffb21b
                                                                                                                                                                                                    0x7ff727ffb221
                                                                                                                                                                                                    0x7ff727ffb226
                                                                                                                                                                                                    0x7ff727ffb22e
                                                                                                                                                                                                    0x7ff727ffb234
                                                                                                                                                                                                    0x7ff727ffb240
                                                                                                                                                                                                    0x7ff727ffb242
                                                                                                                                                                                                    0x7ff727ffb247
                                                                                                                                                                                                    0x7ff727ffb24f
                                                                                                                                                                                                    0x7ff727ffb257
                                                                                                                                                                                                    0x7ff727ffb263
                                                                                                                                                                                                    0x7ff727ffb26b
                                                                                                                                                                                                    0x7ff727ffb274
                                                                                                                                                                                                    0x7ff727ffb279
                                                                                                                                                                                                    0x7ff727ffb27f
                                                                                                                                                                                                    0x7ff727ffb287
                                                                                                                                                                                                    0x7ff727ffb28d
                                                                                                                                                                                                    0x7ff727ffb2a5
                                                                                                                                                                                                    0x7ff727ffb2ab
                                                                                                                                                                                                    0x7ff727ffb2b3
                                                                                                                                                                                                    0x7ff727ffb2b9
                                                                                                                                                                                                    0x7ff727ffb2bf
                                                                                                                                                                                                    0x7ff727ffb2c7
                                                                                                                                                                                                    0x7ff727ffb2cc
                                                                                                                                                                                                    0x7ff727ffb2d4
                                                                                                                                                                                                    0x7ff727ffb2e3
                                                                                                                                                                                                    0x7ff727ffb2ed
                                                                                                                                                                                                    0x7ff727ffb2f3
                                                                                                                                                                                                    0x7ff727ffb2fe
                                                                                                                                                                                                    0x7ff727ffb300
                                                                                                                                                                                                    0x7ff727ffb303
                                                                                                                                                                                                    0x7ff727ffb309
                                                                                                                                                                                                    0x7ff727ffb311
                                                                                                                                                                                                    0x7ff727ffb313
                                                                                                                                                                                                    0x7ff727ffb31b
                                                                                                                                                                                                    0x7ff727ffb326
                                                                                                                                                                                                    0x7ff727ffb330
                                                                                                                                                                                                    0x7ff727ffb338
                                                                                                                                                                                                    0x7ff727ffb33e
                                                                                                                                                                                                    0x7ff727ffb34e
                                                                                                                                                                                                    0x7ff727ffb350
                                                                                                                                                                                                    0x7ff727ffb35d
                                                                                                                                                                                                    0x7ff727ffb35f
                                                                                                                                                                                                    0x7ff727ffb364
                                                                                                                                                                                                    0x7ff727ffb36c
                                                                                                                                                                                                    0x7ff727ffb37c
                                                                                                                                                                                                    0x7ff727ffb38c
                                                                                                                                                                                                    0x7ff727ffb391
                                                                                                                                                                                                    0x7ff727ffb3aa

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: 3fab2268b774a43a72f155c8a4013d7ec2b68cad78901ac3ed3aa2c380edfcb8
                                                                                                                                                                                                    • Instruction ID: 62ca98f918c64d7ae60045de2cafd6aef04004168f15a2df4ea99fff49e01134
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fab2268b774a43a72f155c8a4013d7ec2b68cad78901ac3ed3aa2c380edfcb8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8224C3260CBC580DA20AB15E9803ADE360FB8AB94F844132DA9D17BA4DF7CD557CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseCriticalEnterHandleSection
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2649207071-0
                                                                                                                                                                                                    • Opcode ID: c33f4b02dd8f6b7dcacff032d374c0c5cdb63b6fa274afd2291ba177bfd6c425
                                                                                                                                                                                                    • Instruction ID: e7bb1c083c719564e07e1d74a39ced19d6ffaec2f61208e2fc0433b5c7d03d55
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c33f4b02dd8f6b7dcacff032d374c0c5cdb63b6fa274afd2291ba177bfd6c425
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D412521E4DA5286F671BB12DC00278E661EB04B64FC55233D96D173D9CF6EE8518B3C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF77FF727FFEF30(char __ebx, void* __ecx, long long __rbx, void* __rcx, long long __rbp, void* __r9) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				long long _v96;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v112;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				signed char _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				long long _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				signed char _t142;
                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				void* _t258;
                                                                                                                                                                                                    				signed long long _t259;
                                                                                                                                                                                                    				intOrPtr* _t261;
                                                                                                                                                                                                    				intOrPtr* _t262;
                                                                                                                                                                                                    				long long _t324;
                                                                                                                                                                                                    				char* _t326;
                                                                                                                                                                                                    				void* _t329;
                                                                                                                                                                                                    				char* _t331;
                                                                                                                                                                                                    				char* _t333;
                                                                                                                                                                                                    				void* _t334;
                                                                                                                                                                                                    				void* _t335;
                                                                                                                                                                                                    				intOrPtr* _t340;
                                                                                                                                                                                                    				intOrPtr _t356;
                                                                                                                                                                                                    				char _t360;
                                                                                                                                                                                                    				long long _t378;
                                                                                                                                                                                                    				char _t385;
                                                                                                                                                                                                    				char _t387;
                                                                                                                                                                                                    				char _t389;
                                                                                                                                                                                                    				void* _t397;
                                                                                                                                                                                                    				char* _t399;
                                                                                                                                                                                                    				char* _t401;
                                                                                                                                                                                                    				void* _t402;
                                                                                                                                                                                                    				void* _t406;
                                                                                                                                                                                                    				void* _t409;
                                                                                                                                                                                                    				char _t411;
                                                                                                                                                                                                    				char _t413;
                                                                                                                                                                                                    				long long _t426;
                                                                                                                                                                                                    				long long _t432;
                                                                                                                                                                                                    				signed long long _t434;
                                                                                                                                                                                                    				long long _t437;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t323 = __rbx;
                                                                                                                                                                                                    				_t258 = _t406;
                                                                                                                                                                                                    				_v96 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x18)) = __rbp;
                                                                                                                                                                                                    				_t259 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v48 = _t259 ^ _t406 - 0x00000090;
                                                                                                                                                                                                    				_t402 = __rcx;
                                                                                                                                                                                                    				_t261 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				if ( *_t261 == 0) goto 0x27ffef9c;
                                                                                                                                                                                                    				_t262 =  *((intOrPtr*)(__rcx + 0x58));
                                                                                                                                                                                                    				if ( *_t261 -  *_t262 +  *_t261 >= 0) goto 0x27ffef9c;
                                                                                                                                                                                                    				 *_t262 =  *_t262 - 1;
                                                                                                                                                                                                    				_t340 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				_t369 =  *_t340;
                                                                                                                                                                                                    				 *_t340 =  *_t340 + 1;
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				_t341 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x88)) != 0) goto 0x27ffefb0;
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) != 0) goto 0x27ffefd3;
                                                                                                                                                                                                    				_t142 = E00007FF77FF728006DD4( *_t340 + 1, __rbx,  *((intOrPtr*)(__rcx + 0x88)), _t369, _t409);
                                                                                                                                                                                                    				if (_t142 == 0xffffffff) goto 0x27ffefc7;
                                                                                                                                                                                                    				r12d = _t142 & 0x000000ff;
                                                                                                                                                                                                    				goto 0x27ffefcb;
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				_v56 = 0xf;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_v64 = _t437;
                                                                                                                                                                                                    				_v80 = r14b;
                                                                                                                                                                                                    				if (E00007FF77FF728006DD4( *_t340 + 1, _t323, _t341, _t369, _t409) == r12d) goto 0x27fff52a;
                                                                                                                                                                                                    				if ((_t434 | 0xffffffffffffffff) - _v64 - 1 > 0) goto 0x27fff01b;
                                                                                                                                                                                                    				E00007FF77FF7280033CC( *_t340 + 1, _t323, _t397, __rbp, _t409, __r9);
                                                                                                                                                                                                    				_t324 = _v64 + 1;
                                                                                                                                                                                                    				if (_t324 - 0xfffffffe <= 0) goto 0x27fff02f;
                                                                                                                                                                                                    				_t146 = E00007FF77FF7280033CC( *_t340 + 1, _t324, _t397, __rbp, _t409, __r9);
                                                                                                                                                                                                    				if (_v56 - _t324 >= 0) goto 0x27fff05b;
                                                                                                                                                                                                    				E00007FF77FF727FF2250(_t146,  &_v88, _t324, _v64);
                                                                                                                                                                                                    				goto 0x27fff085;
                                                                                                                                                                                                    				if (_t324 != 0) goto 0x27fff085;
                                                                                                                                                                                                    				_v64 = _t437;
                                                                                                                                                                                                    				_t265 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)( >=  ? _v80 :  &_v80)) = __ebx;
                                                                                                                                                                                                    				goto 0x27fff0c7;
                                                                                                                                                                                                    				if (_t324 == 0) goto 0x27fff0c7;
                                                                                                                                                                                                    				_t267 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((intOrPtr*)(( >=  ? _v80 :  &_v80) + _v64)) = dil;
                                                                                                                                                                                                    				_v64 = _t324;
                                                                                                                                                                                                    				_t269 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _v80 :  &_v80) + _t324)) = 0;
                                                                                                                                                                                                    				_t411 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff0dc;
                                                                                                                                                                                                    				if (_t411 == 0) goto 0x27fff108;
                                                                                                                                                                                                    				goto 0x27fff0e1;
                                                                                                                                                                                                    				_t399 =  &_v80;
                                                                                                                                                                                                    				_t271 =  >=  ? _t411 :  &_v80;
                                                                                                                                                                                                    				_t198 = ( >=  ? _t411 :  &_v80) - _t399;
                                                                                                                                                                                                    				if (( >=  ? _t411 :  &_v80) - _t399 > 0) goto 0x27fff108;
                                                                                                                                                                                                    				_t273 =  >=  ? _t411 :  &_v80;
                                                                                                                                                                                                    				_t274 = ( >=  ? _t411 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t200 = _t399 - ( >=  ? _t411 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t399 - ( >=  ? _t411 :  &_v80) + _v64 <= 0) goto 0x27fff11f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0x27fff156;
                                                                                                                                                                                                    				_t277 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t278 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t203 = _t399 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t399 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0x27fff156;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t378 = _v64;
                                                                                                                                                                                                    				_t413 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff169;
                                                                                                                                                                                                    				if (_t413 == 0) goto 0x27fff195;
                                                                                                                                                                                                    				goto 0x27fff16e;
                                                                                                                                                                                                    				_t326 =  &_v80;
                                                                                                                                                                                                    				_t280 =  >=  ? _t413 :  &_v80;
                                                                                                                                                                                                    				_t207 = ( >=  ? _t413 :  &_v80) - _t326;
                                                                                                                                                                                                    				if (( >=  ? _t413 :  &_v80) - _t326 > 0) goto 0x27fff195;
                                                                                                                                                                                                    				_t282 =  >=  ? _t413 :  &_v80;
                                                                                                                                                                                                    				_t283 = ( >=  ? _t413 :  &_v80) + _t378;
                                                                                                                                                                                                    				_t209 = _t326 - ( >=  ? _t413 :  &_v80) + _t378;
                                                                                                                                                                                                    				if (_t326 - ( >=  ? _t413 :  &_v80) + _t378 <= 0) goto 0x27fff1ac;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0x27fff1d1;
                                                                                                                                                                                                    				_t286 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t287 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t212 = _t326 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t326 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0x27fff1d1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v128 =  &_v104;
                                                                                                                                                                                                    				_v136 =  &_v119;
                                                                                                                                                                                                    				_v144 =  &_v120;
                                                                                                                                                                                                    				_v152 =  &_v112;
                                                                                                                                                                                                    				_t152 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t402 + 0x70)))) + 0x20))();
                                                                                                                                                                                                    				if (_t152 < 0) goto 0x27fff510;
                                                                                                                                                                                                    				if (_t152 - 1 <= 0) goto 0x27fff238;
                                                                                                                                                                                                    				if (_t152 != 3) goto 0x27fff510;
                                                                                                                                                                                                    				if (_v64 - 1 >= 0) goto 0x27fff363;
                                                                                                                                                                                                    				goto 0x27fff347;
                                                                                                                                                                                                    				if (_v104 !=  &_v120) goto 0x27fff41f;
                                                                                                                                                                                                    				_t385 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff265;
                                                                                                                                                                                                    				if (_t385 == 0) goto 0x27fff296;
                                                                                                                                                                                                    				goto 0x27fff26a;
                                                                                                                                                                                                    				_t401 =  &_v80;
                                                                                                                                                                                                    				_t291 =  >=  ? _t385 :  &_v80;
                                                                                                                                                                                                    				_t221 = ( >=  ? _t385 :  &_v80) - _t401;
                                                                                                                                                                                                    				if (( >=  ? _t385 :  &_v80) - _t401 > 0) goto 0x27fff296;
                                                                                                                                                                                                    				_t293 =  >=  ? _t385 :  &_v80;
                                                                                                                                                                                                    				_t294 = ( >=  ? _t385 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t223 = _t401 - ( >=  ? _t385 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t401 - ( >=  ? _t385 :  &_v80) + _v64 <= 0) goto 0x27fff2ad;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0x27fff2e4;
                                                                                                                                                                                                    				_t297 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t298 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t226 = _t401 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t401 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0x27fff2e4;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t426 = _v64;
                                                                                                                                                                                                    				_t387 = _v80;
                                                                                                                                                                                                    				_t329 =  <  ? _t426 : _v112 - _t401;
                                                                                                                                                                                                    				if (_t329 == 0) goto 0x27fff347;
                                                                                                                                                                                                    				_t300 =  >=  ? _t387 :  &_v80;
                                                                                                                                                                                                    				_t355 =  >=  ? _t387 :  &_v80;
                                                                                                                                                                                                    				_t427 = _t426 - _t329;
                                                                                                                                                                                                    				_t416 = _t329 + ( >=  ? _t387 :  &_v80);
                                                                                                                                                                                                    				E00007FF77FF728004070( >=  ? _t387 :  &_v80, _v56, _t329 + ( >=  ? _t387 :  &_v80), _t426 - _t329);
                                                                                                                                                                                                    				_t432 = _v64 - _t329;
                                                                                                                                                                                                    				_v64 = _t432;
                                                                                                                                                                                                    				_t302 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)(_t432 + ( >=  ? _v80 :  &_v80))) = 0;
                                                                                                                                                                                                    				_t356 =  *((intOrPtr*)(_t402 + 0x88));
                                                                                                                                                                                                    				if (E00007FF77FF728006DD4( >=  ? _v80 :  &_v80, _t329, _t356, _v56, _t329 + ( >=  ? _t387 :  &_v80)) == 0xffffffff) goto 0x27fff52a;
                                                                                                                                                                                                    				goto 0x27fff000;
                                                                                                                                                                                                    				_t389 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff380;
                                                                                                                                                                                                    				if (_t389 == 0) goto 0x27fff3ac;
                                                                                                                                                                                                    				goto 0x27fff385;
                                                                                                                                                                                                    				_t331 =  &_v80;
                                                                                                                                                                                                    				_t304 =  >=  ? _t389 :  &_v80;
                                                                                                                                                                                                    				_t236 = ( >=  ? _t389 :  &_v80) - _t331;
                                                                                                                                                                                                    				if (( >=  ? _t389 :  &_v80) - _t331 > 0) goto 0x27fff3ac;
                                                                                                                                                                                                    				_t306 =  >=  ? _t389 :  &_v80;
                                                                                                                                                                                                    				_t307 = ( >=  ? _t389 :  &_v80) + _t356;
                                                                                                                                                                                                    				_t238 = _t331 - ( >=  ? _t389 :  &_v80) + _t356;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _t389 :  &_v80) + _t356 <= 0) goto 0x27fff3c3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0x27fff3e8;
                                                                                                                                                                                                    				_t310 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t311 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t241 = _t331 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0x27fff3e8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				r9d = 1;
                                                                                                                                                                                                    				E00007FF77FF7280044E0(( >=  ? _v80 :  &_v80) + _v64, _t331,  &_v120, _t426 - _t329, _t402, _t331, _t426 - _t329);
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff418;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(( >=  ? _v80 :  &_v80) + _v64, _t331, _v80, _t426 - _t329, _t402, _t331, _t427);
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				_t360 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff43c;
                                                                                                                                                                                                    				if (_t360 == 0) goto 0x27fff46d;
                                                                                                                                                                                                    				goto 0x27fff441;
                                                                                                                                                                                                    				_t333 =  &_v80;
                                                                                                                                                                                                    				_t313 =  >=  ? _t360 :  &_v80;
                                                                                                                                                                                                    				_t246 = ( >=  ? _t360 :  &_v80) - _t333;
                                                                                                                                                                                                    				if (( >=  ? _t360 :  &_v80) - _t333 > 0) goto 0x27fff46d;
                                                                                                                                                                                                    				_t315 =  >=  ? _t360 :  &_v80;
                                                                                                                                                                                                    				_t316 = ( >=  ? _t360 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t248 = _t333 - ( >=  ? _t360 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t333 - ( >=  ? _t360 :  &_v80) + _v64 <= 0) goto 0x27fff484;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0x27fff4b6;
                                                                                                                                                                                                    				_t319 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t320 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t251 = _t333 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t333 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0x27fff4b6;
                                                                                                                                                                                                    				_t334 = (_v120 & 0x000000ff) - E00007FF77FF7280044B8() + _v64;
                                                                                                                                                                                                    				if (_t334 <= 0) goto 0x27fff4fc;
                                                                                                                                                                                                    				_t335 = _t334 - 1;
                                                                                                                                                                                                    				E00007FF77FF728006B00( *((char*)(_t335 + _v112)), _v112, _t335, _v80,  *((intOrPtr*)(_t402 + 0x88)), _t402, _t378);
                                                                                                                                                                                                    				if (_t335 <= 0) goto 0x27fff4ef;
                                                                                                                                                                                                    				goto 0x27fff4d0;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff50c;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff525;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				goto 0x27fff542;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0x27fff53f;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				return E00007FF77FF728004050( *((char*)(_t335 + _v112)), _v48 ^ _t406 - 0x00000090, _v56, _v64, _t427);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff727ffef82
                                                                                                                                                                                                    0x7ff727ffef84
                                                                                                                                                                                                    0x7ff727ffef86
                                                                                                                                                                                                    0x7ff727ffef8a
                                                                                                                                                                                                    0x7ff727ffef91
                                                                                                                                                                                                    0x7ff727ffef97
                                                                                                                                                                                                    0x7ff727ffef9c
                                                                                                                                                                                                    0x7ff727ffefa6
                                                                                                                                                                                                    0x7ff727ffefab
                                                                                                                                                                                                    0x7ff727ffefb5
                                                                                                                                                                                                    0x7ff727ffefb7
                                                                                                                                                                                                    0x7ff727ffefbf
                                                                                                                                                                                                    0x7ff727ffefc1
                                                                                                                                                                                                    0x7ff727ffefc5
                                                                                                                                                                                                    0x7ff727ffefce
                                                                                                                                                                                                    0x7ff727ffefd3
                                                                                                                                                                                                    0x7ff727ffefdf
                                                                                                                                                                                                    0x7ff727ffefe2
                                                                                                                                                                                                    0x7ff727ffefe7
                                                                                                                                                                                                    0x7ff727ffeffa
                                                                                                                                                                                                    0x7ff727fff00f
                                                                                                                                                                                                    0x7ff727fff011
                                                                                                                                                                                                    0x7ff727fff01b
                                                                                                                                                                                                    0x7ff727fff023
                                                                                                                                                                                                    0x7ff727fff025
                                                                                                                                                                                                    0x7ff727fff03a
                                                                                                                                                                                                    0x7ff727fff047
                                                                                                                                                                                                    0x7ff727fff059
                                                                                                                                                                                                    0x7ff727fff05e
                                                                                                                                                                                                    0x7ff727fff060
                                                                                                                                                                                                    0x7ff727fff06e
                                                                                                                                                                                                    0x7ff727fff074
                                                                                                                                                                                                    0x7ff727fff083
                                                                                                                                                                                                    0x7ff727fff088
                                                                                                                                                                                                    0x7ff727fff093
                                                                                                                                                                                                    0x7ff727fff099
                                                                                                                                                                                                    0x7ff727fff09d
                                                                                                                                                                                                    0x7ff727fff0b0
                                                                                                                                                                                                    0x7ff727fff0b6
                                                                                                                                                                                                    0x7ff727fff0c7
                                                                                                                                                                                                    0x7ff727fff0d0
                                                                                                                                                                                                    0x7ff727fff0d8
                                                                                                                                                                                                    0x7ff727fff0da
                                                                                                                                                                                                    0x7ff727fff0dc
                                                                                                                                                                                                    0x7ff727fff0ea
                                                                                                                                                                                                    0x7ff727fff0ee
                                                                                                                                                                                                    0x7ff727fff0f1
                                                                                                                                                                                                    0x7ff727fff0fc
                                                                                                                                                                                                    0x7ff727fff100
                                                                                                                                                                                                    0x7ff727fff103
                                                                                                                                                                                                    0x7ff727fff106
                                                                                                                                                                                                    0x7ff727fff108
                                                                                                                                                                                                    0x7ff727fff128
                                                                                                                                                                                                    0x7ff727fff133
                                                                                                                                                                                                    0x7ff727fff137
                                                                                                                                                                                                    0x7ff727fff13a
                                                                                                                                                                                                    0x7ff727fff13d
                                                                                                                                                                                                    0x7ff727fff13f
                                                                                                                                                                                                    0x7ff727fff14c
                                                                                                                                                                                                    0x7ff727fff151
                                                                                                                                                                                                    0x7ff727fff15d
                                                                                                                                                                                                    0x7ff727fff165
                                                                                                                                                                                                    0x7ff727fff167
                                                                                                                                                                                                    0x7ff727fff169
                                                                                                                                                                                                    0x7ff727fff177
                                                                                                                                                                                                    0x7ff727fff17b
                                                                                                                                                                                                    0x7ff727fff17e
                                                                                                                                                                                                    0x7ff727fff189
                                                                                                                                                                                                    0x7ff727fff18d
                                                                                                                                                                                                    0x7ff727fff190
                                                                                                                                                                                                    0x7ff727fff193
                                                                                                                                                                                                    0x7ff727fff195
                                                                                                                                                                                                    0x7ff727fff1b5
                                                                                                                                                                                                    0x7ff727fff1c0
                                                                                                                                                                                                    0x7ff727fff1c4
                                                                                                                                                                                                    0x7ff727fff1c7
                                                                                                                                                                                                    0x7ff727fff1ca
                                                                                                                                                                                                    0x7ff727fff1cc
                                                                                                                                                                                                    0x7ff727fff1e1
                                                                                                                                                                                                    0x7ff727fff1eb
                                                                                                                                                                                                    0x7ff727fff1f5
                                                                                                                                                                                                    0x7ff727fff1ff
                                                                                                                                                                                                    0x7ff727fff20b
                                                                                                                                                                                                    0x7ff727fff210
                                                                                                                                                                                                    0x7ff727fff219
                                                                                                                                                                                                    0x7ff727fff21e
                                                                                                                                                                                                    0x7ff727fff22d
                                                                                                                                                                                                    0x7ff727fff233
                                                                                                                                                                                                    0x7ff727fff242
                                                                                                                                                                                                    0x7ff727fff248
                                                                                                                                                                                                    0x7ff727fff259
                                                                                                                                                                                                    0x7ff727fff261
                                                                                                                                                                                                    0x7ff727fff263
                                                                                                                                                                                                    0x7ff727fff265
                                                                                                                                                                                                    0x7ff727fff273
                                                                                                                                                                                                    0x7ff727fff277
                                                                                                                                                                                                    0x7ff727fff27a
                                                                                                                                                                                                    0x7ff727fff285
                                                                                                                                                                                                    0x7ff727fff28e
                                                                                                                                                                                                    0x7ff727fff291
                                                                                                                                                                                                    0x7ff727fff294
                                                                                                                                                                                                    0x7ff727fff296
                                                                                                                                                                                                    0x7ff727fff2b6
                                                                                                                                                                                                    0x7ff727fff2c1
                                                                                                                                                                                                    0x7ff727fff2c5
                                                                                                                                                                                                    0x7ff727fff2c8
                                                                                                                                                                                                    0x7ff727fff2cb
                                                                                                                                                                                                    0x7ff727fff2cd
                                                                                                                                                                                                    0x7ff727fff2da
                                                                                                                                                                                                    0x7ff727fff2df
                                                                                                                                                                                                    0x7ff727fff2ef
                                                                                                                                                                                                    0x7ff727fff2f6
                                                                                                                                                                                                    0x7ff727fff301
                                                                                                                                                                                                    0x7ff727fff30e
                                                                                                                                                                                                    0x7ff727fff312
                                                                                                                                                                                                    0x7ff727fff315
                                                                                                                                                                                                    0x7ff727fff31c
                                                                                                                                                                                                    0x7ff727fff326
                                                                                                                                                                                                    0x7ff727fff329
                                                                                                                                                                                                    0x7ff727fff33c
                                                                                                                                                                                                    0x7ff727fff342
                                                                                                                                                                                                    0x7ff727fff347
                                                                                                                                                                                                    0x7ff727fff358
                                                                                                                                                                                                    0x7ff727fff35e
                                                                                                                                                                                                    0x7ff727fff363
                                                                                                                                                                                                    0x7ff727fff374
                                                                                                                                                                                                    0x7ff727fff37c
                                                                                                                                                                                                    0x7ff727fff37e
                                                                                                                                                                                                    0x7ff727fff380
                                                                                                                                                                                                    0x7ff727fff38e
                                                                                                                                                                                                    0x7ff727fff392
                                                                                                                                                                                                    0x7ff727fff395

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4881c8078162d35f82bba43f03a585fc8a805b2fb2cb09d7df4f1abe047ead2c
                                                                                                                                                                                                    • Instruction ID: b4af98cd695b1edea2dcf563e4082dff8e928a183816c2f6aa1c17a48dc58bc9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4881c8078162d35f82bba43f03a585fc8a805b2fb2cb09d7df4f1abe047ead2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C02C72260CB4181EE10AB15E9402ADE791FB867E0FD54632DAAD43BE9DF3CE542CF51
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                                                                    			E00007FF77FF728007934(signed long long __rbx, long long __rcx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				char _v65;
                                                                                                                                                                                                    				intOrPtr _v66;
                                                                                                                                                                                                    				signed short _v72;
                                                                                                                                                                                                    				signed long long _v96;
                                                                                                                                                                                                    				signed int _v104;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                    				signed int _t130;
                                                                                                                                                                                                    				signed int _t135;
                                                                                                                                                                                                    				void* _t137;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				signed long long _t168;
                                                                                                                                                                                                    				intOrPtr* _t169;
                                                                                                                                                                                                    				signed int _t170;
                                                                                                                                                                                                    				long long _t172;
                                                                                                                                                                                                    				signed long long _t180;
                                                                                                                                                                                                    				signed char* _t189;
                                                                                                                                                                                                    				signed char* _t194;
                                                                                                                                                                                                    				signed long long _t211;
                                                                                                                                                                                                    				void* _t214;
                                                                                                                                                                                                    				int _t222;
                                                                                                                                                                                                    				long long _t223;
                                                                                                                                                                                                    				long long _t225;
                                                                                                                                                                                                    				intOrPtr* _t228;
                                                                                                                                                                                                    				long long _t229;
                                                                                                                                                                                                    				void* _t231;
                                                                                                                                                                                                    				void* _t234;
                                                                                                                                                                                                    				void* _t236;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				void* _t241;
                                                                                                                                                                                                    				signed long long _t242;
                                                                                                                                                                                                    				signed long long _t243;
                                                                                                                                                                                                    				void* _t245;
                                                                                                                                                                                                    				signed long long _t247;
                                                                                                                                                                                                    				void* _t249;
                                                                                                                                                                                                    				signed long long _t251;
                                                                                                                                                                                                    				void* _t253;
                                                                                                                                                                                                    				signed long long _t255;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t225 = __rsi;
                                                                                                                                                                                                    				_t180 = __rbx;
                                                                                                                                                                                                    				_t239 = _t231;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t167 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t168 = _t167 ^ _t231 - 0x00000090;
                                                                                                                                                                                                    				_v48 = _t168;
                                                                                                                                                                                                    				_t223 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t239 - 0x58)) = __rcx;
                                                                                                                                                                                                    				_v96 = __rbx;
                                                                                                                                                                                                    				_t242 = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t239 - 0x50)) = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x14)) == 0) goto 0x28007cd0;
                                                                                                                                                                                                    				_t228 = __rcx + 4;
                                                                                                                                                                                                    				_t10 = _t180 + 1; // 0x1
                                                                                                                                                                                                    				_t137 = _t10;
                                                                                                                                                                                                    				if ( *_t228 != 0) goto 0x280079bb;
                                                                                                                                                                                                    				r8d =  *(__rcx + 0x30) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0x1004;
                                                                                                                                                                                                    				_v152 = _t228;
                                                                                                                                                                                                    				if (E00007FF77FF72800FB68(0, 0, __rbx, _t239 - 0x58, _t234) != 0) goto 0x28007ca0;
                                                                                                                                                                                                    				E00007FF77FF72800A574(_t139, _t168, __rbx, _t239 - 0x58, __rsi, _t228);
                                                                                                                                                                                                    				r12d = 0x180;
                                                                                                                                                                                                    				_v96 = _t168;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t180, _t242, _t214, _t223, _t225, _t228, _t253, _t249);
                                                                                                                                                                                                    				_t247 = _t168;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t180, _t242, _t225, _t223, _t225, _t228, _t245, _t241);
                                                                                                                                                                                                    				_t255 = _t168;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t180, _t242, _t225, _t223, _t225, _t228);
                                                                                                                                                                                                    				_t251 = _t168;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t180, _t242, _t225, _t223, _t225, _t228);
                                                                                                                                                                                                    				_t243 = _t168;
                                                                                                                                                                                                    				_t169 = _v96;
                                                                                                                                                                                                    				if (_t169 == _t180) goto 0x28007ca0;
                                                                                                                                                                                                    				if (_t247 == _t180) goto 0x28007ca0;
                                                                                                                                                                                                    				if (_t243 == _t180) goto 0x28007ca0;
                                                                                                                                                                                                    				if (_t255 == _t180) goto 0x28007ca0;
                                                                                                                                                                                                    				if (_t251 == _t180) goto 0x28007ca0;
                                                                                                                                                                                                    				 *_t169 = 0;
                                                                                                                                                                                                    				 *_t243 = 0;
                                                                                                                                                                                                    				if (0 + _t137 - 0x100 < 0) goto 0x28007a45;
                                                                                                                                                                                                    				if (GetCPInfo(_t222) == 0) goto 0x28007ca0;
                                                                                                                                                                                                    				if (_v72 - 5 > 0) goto 0x28007ca0;
                                                                                                                                                                                                    				_t102 = _v72 & 0x0000ffff;
                                                                                                                                                                                                    				_v104 = _t102;
                                                                                                                                                                                                    				if (_t102 - _t137 <= 0) goto 0x28007ab0;
                                                                                                                                                                                                    				if (_v66 == 0) goto 0x28007ab0;
                                                                                                                                                                                                    				_t22 =  &_v65; // 0x1f7
                                                                                                                                                                                                    				_t189 = _t22;
                                                                                                                                                                                                    				if ( *_t189 == 0) goto 0x28007ab0;
                                                                                                                                                                                                    				_t130 =  *(_t189 - 1) & 0x000000ff;
                                                                                                                                                                                                    				goto 0x28007aa0;
                                                                                                                                                                                                    				_t170 = _t130;
                                                                                                                                                                                                    				 *((char*)(_t170 + _t243)) = 0x20;
                                                                                                                                                                                                    				if (_t130 + _t137 - ( *_t189 & 0x000000ff) <= 0) goto 0x28007a96;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( &(_t189[2]) - 1)) != 0) goto 0x28007a8c;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				_t27 = _t247 + 0x100; // 0x100
                                                                                                                                                                                                    				_v136 = 0;
                                                                                                                                                                                                    				_v144 =  *_t228;
                                                                                                                                                                                                    				_v152 = _t27;
                                                                                                                                                                                                    				r9d = 0x100;
                                                                                                                                                                                                    				if (E00007FF77FF728012858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236) == 0) goto 0x28007ca0;
                                                                                                                                                                                                    				_v120 = 0;
                                                                                                                                                                                                    				_v128 =  *_t228;
                                                                                                                                                                                                    				_t34 = _t255 + 0x81; // 0x81
                                                                                                                                                                                                    				_v136 = 0xff;
                                                                                                                                                                                                    				_v144 = _t34;
                                                                                                                                                                                                    				_t37 = _t170 + 1; // 0x100
                                                                                                                                                                                                    				r8d = _t37;
                                                                                                                                                                                                    				_t38 = _t243 + 1; // 0x1
                                                                                                                                                                                                    				_v152 = 0xff;
                                                                                                                                                                                                    				if (E00007FF77FF72800AC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF77FF728012858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236), _t170, _t180, _t34, _t225, _t243, _t38) == 0) goto 0x28007ca0;
                                                                                                                                                                                                    				_v120 = 0;
                                                                                                                                                                                                    				_v128 =  *_t228;
                                                                                                                                                                                                    				_t43 = _t251 + 0x81; // 0x81
                                                                                                                                                                                                    				_v136 = 0xff;
                                                                                                                                                                                                    				_v144 = _t43;
                                                                                                                                                                                                    				_t46 = _t243 + 1; // 0x1
                                                                                                                                                                                                    				r8d = 0x200;
                                                                                                                                                                                                    				_v152 = 0xff;
                                                                                                                                                                                                    				if (E00007FF77FF72800AC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF77FF72800AC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF77FF728012858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236), _t170, _t180, _t34, _t225, _t243, _t38), _t170, _t180, _t43, _t225, _t243, _t46) == 0) goto 0x28007ca0;
                                                                                                                                                                                                    				_t49 = _t247 + 0xfe; // 0xfe
                                                                                                                                                                                                    				_t229 = _t49;
                                                                                                                                                                                                    				 *_t229 = 0;
                                                                                                                                                                                                    				 *((char*)(_t255 + 0x7f)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t251 + 0x7f)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t255 + 0x80)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t251 + 0x80)) = 0;
                                                                                                                                                                                                    				if (_v104 - _t137 <= 0) goto 0x28007bc5;
                                                                                                                                                                                                    				if (_v66 == 0) goto 0x28007bc5;
                                                                                                                                                                                                    				_t55 =  &_v65; // 0x1f7
                                                                                                                                                                                                    				_t194 = _t55;
                                                                                                                                                                                                    				if ( *_t194 == 0) goto 0x28007bc5;
                                                                                                                                                                                                    				_t135 =  *(_t194 - 1) & 0x000000ff;
                                                                                                                                                                                                    				goto 0x28007bb5;
                                                                                                                                                                                                    				r8d = 0x8000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t247 + 0x100 + _t135 * 2)) = r8w;
                                                                                                                                                                                                    				if (_t135 + _t137 - ( *_t194 & 0x000000ff) <= 0) goto 0x28007ba1;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( &(_t194[2]) - 1)) != 0) goto 0x28007b97;
                                                                                                                                                                                                    				_t61 = _t247 + 0x200; // 0x200
                                                                                                                                                                                                    				r8d = 0xfe;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t247, _t61, _t243);
                                                                                                                                                                                                    				_t62 = _t255 + 0x100; // 0x100
                                                                                                                                                                                                    				r8d = 0x7f;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t255, _t62, _t243);
                                                                                                                                                                                                    				_t63 = _t251 + 0x100; // 0x100
                                                                                                                                                                                                    				r8d = 0x7f;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t251, _t63, _t243);
                                                                                                                                                                                                    				_t164 =  *((intOrPtr*)(_t223 + 0x130)) - _t180;
                                                                                                                                                                                                    				if (_t164 == 0) goto 0x28007c55;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t164 != 0) goto 0x28007c55;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t172 = _v96;
                                                                                                                                                                                                    				 *_t172 = _t137;
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x130)) = _t172;
                                                                                                                                                                                                    				_t71 = _t247 + 0x100; // 0x100
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x140)) = _t71;
                                                                                                                                                                                                    				_t73 = _t255 + 0x80; // 0x80
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x138)) = _t229;
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x148)) = _t73;
                                                                                                                                                                                                    				_t76 = _t251 + 0x80; // 0x80
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x150)) = _t76;
                                                                                                                                                                                                    				 *(_t223 + 0x10c) = _v104;
                                                                                                                                                                                                    				goto 0x28007cc4;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t211 = _t243;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x28007d25;
                                                                                                                                                                                                    				if ( *(_t211 + 0x130) == _t180) goto 0x28007ce0;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				 *(_t211 + 0x130) = _t180;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x140)) = 0x28030ed0;
                                                                                                                                                                                                    				 *(_t211 + 0x138) = _t180;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x148)) = 0x28031360;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t211 + 0x10c)) = 1;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x150)) = 0x280314e0;
                                                                                                                                                                                                    				return E00007FF77FF728004050(0, _v48 ^ _t231 - 0x00000090, _t63, _t243, _t46);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff728007a1d
                                                                                                                                                                                                    0x7ff728007a26
                                                                                                                                                                                                    0x7ff728007a2f
                                                                                                                                                                                                    0x7ff728007a38
                                                                                                                                                                                                    0x7ff728007a3e
                                                                                                                                                                                                    0x7ff728007a45
                                                                                                                                                                                                    0x7ff728007a51
                                                                                                                                                                                                    0x7ff728007a63
                                                                                                                                                                                                    0x7ff728007a6e
                                                                                                                                                                                                    0x7ff728007a74
                                                                                                                                                                                                    0x7ff728007a7b
                                                                                                                                                                                                    0x7ff728007a7f
                                                                                                                                                                                                    0x7ff728007a85
                                                                                                                                                                                                    0x7ff728007a87
                                                                                                                                                                                                    0x7ff728007a87
                                                                                                                                                                                                    0x7ff728007a8e
                                                                                                                                                                                                    0x7ff728007a90
                                                                                                                                                                                                    0x7ff728007a94
                                                                                                                                                                                                    0x7ff728007a96
                                                                                                                                                                                                    0x7ff728007a9b
                                                                                                                                                                                                    0x7ff728007aa5
                                                                                                                                                                                                    0x7ff728007aae
                                                                                                                                                                                                    0x7ff728007ab3
                                                                                                                                                                                                    0x7ff728007ab7
                                                                                                                                                                                                    0x7ff728007abe
                                                                                                                                                                                                    0x7ff728007ac2
                                                                                                                                                                                                    0x7ff728007ac6
                                                                                                                                                                                                    0x7ff728007acd
                                                                                                                                                                                                    0x7ff728007adf
                                                                                                                                                                                                    0x7ff728007aeb
                                                                                                                                                                                                    0x7ff728007aef
                                                                                                                                                                                                    0x7ff728007af8
                                                                                                                                                                                                    0x7ff728007aff
                                                                                                                                                                                                    0x7ff728007b03
                                                                                                                                                                                                    0x7ff728007b08
                                                                                                                                                                                                    0x7ff728007b08
                                                                                                                                                                                                    0x7ff728007b0c
                                                                                                                                                                                                    0x7ff728007b13
                                                                                                                                                                                                    0x7ff728007b1e
                                                                                                                                                                                                    0x7ff728007b2a
                                                                                                                                                                                                    0x7ff728007b2e
                                                                                                                                                                                                    0x7ff728007b37
                                                                                                                                                                                                    0x7ff728007b3e
                                                                                                                                                                                                    0x7ff728007b42
                                                                                                                                                                                                    0x7ff728007b47
                                                                                                                                                                                                    0x7ff728007b4e
                                                                                                                                                                                                    0x7ff728007b54
                                                                                                                                                                                                    0x7ff728007b5f
                                                                                                                                                                                                    0x7ff728007b69
                                                                                                                                                                                                    0x7ff728007b69
                                                                                                                                                                                                    0x7ff728007b70
                                                                                                                                                                                                    0x7ff728007b74
                                                                                                                                                                                                    0x7ff728007b78
                                                                                                                                                                                                    0x7ff728007b7c
                                                                                                                                                                                                    0x7ff728007b83
                                                                                                                                                                                                    0x7ff728007b8a
                                                                                                                                                                                                    0x7ff728007b90
                                                                                                                                                                                                    0x7ff728007b92
                                                                                                                                                                                                    0x7ff728007b92
                                                                                                                                                                                                    0x7ff728007b99
                                                                                                                                                                                                    0x7ff728007b9b
                                                                                                                                                                                                    0x7ff728007b9f
                                                                                                                                                                                                    0x7ff728007ba4
                                                                                                                                                                                                    0x7ff728007bac
                                                                                                                                                                                                    0x7ff728007bba
                                                                                                                                                                                                    0x7ff728007bc3
                                                                                                                                                                                                    0x7ff728007bc5
                                                                                                                                                                                                    0x7ff728007bcc
                                                                                                                                                                                                    0x7ff728007bd5
                                                                                                                                                                                                    0x7ff728007bda
                                                                                                                                                                                                    0x7ff728007be1
                                                                                                                                                                                                    0x7ff728007bea
                                                                                                                                                                                                    0x7ff728007bef
                                                                                                                                                                                                    0x7ff728007bf6
                                                                                                                                                                                                    0x7ff728007bff
                                                                                                                                                                                                    0x7ff728007c0b
                                                                                                                                                                                                    0x7ff728007c0e
                                                                                                                                                                                                    0x7ff728007c10
                                                                                                                                                                                                    0x7ff728007c14
                                                                                                                                                                                                    0x7ff728007c24
                                                                                                                                                                                                    0x7ff728007c34
                                                                                                                                                                                                    0x7ff728007c44
                                                                                                                                                                                                    0x7ff728007c50
                                                                                                                                                                                                    0x7ff728007c55
                                                                                                                                                                                                    0x7ff728007c5a
                                                                                                                                                                                                    0x7ff728007c5c
                                                                                                                                                                                                    0x7ff728007c63
                                                                                                                                                                                                    0x7ff728007c6a
                                                                                                                                                                                                    0x7ff728007c71
                                                                                                                                                                                                    0x7ff728007c78
                                                                                                                                                                                                    0x7ff728007c7f
                                                                                                                                                                                                    0x7ff728007c86
                                                                                                                                                                                                    0x7ff728007c8d
                                                                                                                                                                                                    0x7ff728007c98
                                                                                                                                                                                                    0x7ff728007c9e
                                                                                                                                                                                                    0x7ff728007ca5
                                                                                                                                                                                                    0x7ff728007cad
                                                                                                                                                                                                    0x7ff728007cb5
                                                                                                                                                                                                    0x7ff728007cbd
                                                                                                                                                                                                    0x7ff728007cc4
                                                                                                                                                                                                    0x7ff728007cc7
                                                                                                                                                                                                    0x7ff728007cce
                                                                                                                                                                                                    0x7ff728007cda
                                                                                                                                                                                                    0x7ff728007cdc
                                                                                                                                                                                                    0x7ff728007cec
                                                                                                                                                                                                    0x7ff728007cf3
                                                                                                                                                                                                    0x7ff728007d01
                                                                                                                                                                                                    0x7ff728007d08
                                                                                                                                                                                                    0x7ff728007d16
                                                                                                                                                                                                    0x7ff728007d1c
                                                                                                                                                                                                    0x7ff728007d55

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorInfoLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 189849726-0
                                                                                                                                                                                                    • Opcode ID: 56237f1013cf1dc1397bfeea8cdaa334b227246309f0e1c3ee9da10f49af2e64
                                                                                                                                                                                                    • Instruction ID: 5a36fef53f150eac4d15025160667e328036197cba0790add2d09f17c6684a39
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56237f1013cf1dc1397bfeea8cdaa334b227246309f0e1c3ee9da10f49af2e64
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50B1BF32A0968286D760EF25DC406ADF7A4FB84784F944136EAAD877C1DF3EE541CB18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 15%
                                                                                                                                                                                                    			E00007FF77FF72801483C(int __ecx, void* __edx, long long __r8, int* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                    				int _t41;
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                    				int _t48;
                                                                                                                                                                                                    				int _t50;
                                                                                                                                                                                                    				int _t69;
                                                                                                                                                                                                    				int _t71;
                                                                                                                                                                                                    				int _t72;
                                                                                                                                                                                                    				signed long long _t97;
                                                                                                                                                                                                    				intOrPtr* _t105;
                                                                                                                                                                                                    				int _t108;
                                                                                                                                                                                                    				void* _t109;
                                                                                                                                                                                                    				long long _t120;
                                                                                                                                                                                                    				signed long long _t125;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                    				long long _t141;
                                                                                                                                                                                                    				long long _t142;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t138 = __r9;
                                                                                                                                                                                                    				_t127 = _t126 - 0x88;
                                                                                                                                                                                                    				_t125 = _t127 + 0x40;
                                                                                                                                                                                                    				_t97 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t125 + 0x30) = _t97 ^ _t125;
                                                                                                                                                                                                    				_t141 =  *((intOrPtr*)(_t125 + 0xb0));
                                                                                                                                                                                                    				r12d =  *__r9;
                                                                                                                                                                                                    				 *_t125 = 0;
                                                                                                                                                                                                    				 *(_t125 + 0x10) = __r9;
                                                                                                                                                                                                    				r13d = __edx;
                                                                                                                                                                                                    				r15d = __ecx;
                                                                                                                                                                                                    				 *((long long*)(_t125 + 8)) = __r8;
                                                                                                                                                                                                    				if (__ecx == __edx) goto 0x28014aa1;
                                                                                                                                                                                                    				if (GetCPInfo(??, ??) == 0) goto 0x2801493f;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t125 + 0x18)) != 1) goto 0x2801493f;
                                                                                                                                                                                                    				if (GetCPInfo(??, ??) == 0) goto 0x2801493f;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t125 + 0x18)) != 1) goto 0x2801493f;
                                                                                                                                                                                                    				 *_t125 = 1;
                                                                                                                                                                                                    				if (r12d == 0xffffffff) goto 0x28014932;
                                                                                                                                                                                                    				_t69 = r12d;
                                                                                                                                                                                                    				if (_t69 <= 0) goto 0x28014986;
                                                                                                                                                                                                    				_t108 = _t69;
                                                                                                                                                                                                    				if (_t108 - 0xfffffff0 > 0) goto 0x28014986;
                                                                                                                                                                                                    				_t109 = _t108 + _t108 + 0x10;
                                                                                                                                                                                                    				if (_t109 - 0x400 > 0) goto 0x2801496d;
                                                                                                                                                                                                    				if (_t109 + 0xf - _t109 > 0) goto 0x28014914;
                                                                                                                                                                                                    				_t39 = E00007FF77FF72802C0A0(_t38, 0xffffffffffffff0, _t139, _t140);
                                                                                                                                                                                                    				_t128 = _t127 - 0xffffffffffffff0;
                                                                                                                                                                                                    				_t105 = _t128 + 0x40;
                                                                                                                                                                                                    				if (_t105 == 0) goto 0x28014966;
                                                                                                                                                                                                    				 *_t105 = 0xcccc;
                                                                                                                                                                                                    				goto 0x28014980;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t39, _t105);
                                                                                                                                                                                                    				goto 0x280148d5;
                                                                                                                                                                                                    				r9d = r12d;
                                                                                                                                                                                                    				 *(_t128 + 0x28) = 0xffffffffffffff1;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = _t120;
                                                                                                                                                                                                    				_t41 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				_t71 = _t41;
                                                                                                                                                                                                    				if (_t41 != 0) goto 0x280148d5;
                                                                                                                                                                                                    				goto 0x28014aa4;
                                                                                                                                                                                                    				_t43 = malloc(??);
                                                                                                                                                                                                    				if (0xffffffffffffff0 == 0) goto 0x28014988;
                                                                                                                                                                                                    				 *((intOrPtr*)(0xffffffffffffff0)) = 0xdddd;
                                                                                                                                                                                                    				goto 0x28014988;
                                                                                                                                                                                                    				if (0x1000000000000000 == 0) goto 0x28014966;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_t43, r15d, 0, 0x1000000000000000, _t125 + 0x18, _t71 + _t71);
                                                                                                                                                                                                    				r9d = r12d;
                                                                                                                                                                                                    				 *(_t128 + 0x28) = _t71;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = 0x1000000000000000;
                                                                                                                                                                                                    				_t45 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				if (_t45 == r15d) goto 0x28014a90;
                                                                                                                                                                                                    				if (_t141 == _t142) goto 0x28014a07;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x38)) = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x30)) = _t142;
                                                                                                                                                                                                    				 *(_t128 + 0x28) =  *(_t125 + 0xb8);
                                                                                                                                                                                                    				r9d = _t71;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = _t141;
                                                                                                                                                                                                    				if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == r15d) goto 0x28014a90;
                                                                                                                                                                                                    				goto 0x28014a90;
                                                                                                                                                                                                    				if ( *_t125 != r15d) goto 0x28014a39;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x38)) = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x30)) = _t142;
                                                                                                                                                                                                    				r9d = _t71;
                                                                                                                                                                                                    				 *(_t128 + 0x28) = r15d;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = _t142;
                                                                                                                                                                                                    				_t48 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				_t72 = _t48;
                                                                                                                                                                                                    				if (_t48 == r15d) goto 0x28014a90;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(0x1000000000000000, 0x1000000000000000, _t72, _t120, _t141, _t125);
                                                                                                                                                                                                    				if (0xffffffffffffff0 == _t142) goto 0x28014a90;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x38)) = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x30)) = _t142;
                                                                                                                                                                                                    				r9d = _t72;
                                                                                                                                                                                                    				 *(_t128 + 0x28) = _t72;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = 0xffffffffffffff0;
                                                                                                                                                                                                    				_t50 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t50 != r15d) goto 0x28014a84;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x28014a90;
                                                                                                                                                                                                    				if (r12d == 0xffffffff) goto 0x28014a90;
                                                                                                                                                                                                    				 *( *(_t125 + 0x10)) = _t50;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(0xffffffffffffff0)) != 0xdddd) goto 0x28014aa1;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return E00007FF77FF728004050(r13d,  *(_t125 + 0x30) ^ _t125, _t72, 0x1000000000000000, _t138);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff728014978
                                                                                                                                                                                                    0x7ff72801497a
                                                                                                                                                                                                    0x7ff728014984
                                                                                                                                                                                                    0x7ff72801498b
                                                                                                                                                                                                    0x7ff728014998
                                                                                                                                                                                                    0x7ff7280149a1
                                                                                                                                                                                                    0x7ff7280149ac
                                                                                                                                                                                                    0x7ff7280149b0
                                                                                                                                                                                                    0x7ff7280149b5
                                                                                                                                                                                                    0x7ff7280149bb
                                                                                                                                                                                                    0x7ff7280149c1
                                                                                                                                                                                                    0x7ff7280149ca
                                                                                                                                                                                                    0x7ff7280149d2
                                                                                                                                                                                                    0x7ff7280149d7
                                                                                                                                                                                                    0x7ff7280149dc
                                                                                                                                                                                                    0x7ff7280149e0
                                                                                                                                                                                                    0x7ff7280149eb
                                                                                                                                                                                                    0x7ff7280149f9
                                                                                                                                                                                                    0x7ff728014a02
                                                                                                                                                                                                    0x7ff728014a0b
                                                                                                                                                                                                    0x7ff728014a0d
                                                                                                                                                                                                    0x7ff728014a12
                                                                                                                                                                                                    0x7ff728014a17
                                                                                                                                                                                                    0x7ff728014a22
                                                                                                                                                                                                    0x7ff728014a27
                                                                                                                                                                                                    0x7ff728014a2c
                                                                                                                                                                                                    0x7ff728014a32
                                                                                                                                                                                                    0x7ff728014a37
                                                                                                                                                                                                    0x7ff728014a41
                                                                                                                                                                                                    0x7ff728014a4c
                                                                                                                                                                                                    0x7ff728014a4e
                                                                                                                                                                                                    0x7ff728014a53
                                                                                                                                                                                                    0x7ff728014a58
                                                                                                                                                                                                    0x7ff728014a63
                                                                                                                                                                                                    0x7ff728014a67
                                                                                                                                                                                                    0x7ff728014a6c
                                                                                                                                                                                                    0x7ff728014a75
                                                                                                                                                                                                    0x7ff728014a7a
                                                                                                                                                                                                    0x7ff728014a82
                                                                                                                                                                                                    0x7ff728014a88
                                                                                                                                                                                                    0x7ff728014a8e
                                                                                                                                                                                                    0x7ff728014a9a
                                                                                                                                                                                                    0x7ff728014a9c
                                                                                                                                                                                                    0x7ff728014ac0

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF728014892
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280148B1
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF728014956
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF72801496D
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280149B5
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280149F0
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF728014A2C
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF728014A6C
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF728014A7A
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF728014A9C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$Infofree$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1309074677-0
                                                                                                                                                                                                    • Opcode ID: ddcdf63aba2af7ccbb4f9ff1091687fe12846f0595223e00f381b2a32135b9a6
                                                                                                                                                                                                    • Instruction ID: 5da39996bff2c38ce63ab0a70b2ad57bec36d3ffb59adc687508e29a08ba6ad8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddcdf63aba2af7ccbb4f9ff1091687fe12846f0595223e00f381b2a32135b9a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9861E972A09A8246E730AF15DC40279E2D6FF847B8F949632D95D077E4EF3DD4418B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3951656645-0
                                                                                                                                                                                                    • Opcode ID: 71be907ffdb5954fb9f19019735728fde777d6d86074cdaac84bb97474247b25
                                                                                                                                                                                                    • Instruction ID: ff4ec5d4fe378989c0199e08423411e059535713c2908e55f524499aa017cf4a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71be907ffdb5954fb9f19019735728fde777d6d86074cdaac84bb97474247b25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2761A13260968186EB719BA0ED4432AF7A1EB847B4F901336D6BD47AC9DF6ED4408F10
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: b084e4c1cfd9c5e526710a43c79106415be09ec5de4f2ef4ea707cbabc5b9e00
                                                                                                                                                                                                    • Instruction ID: affc370320a27c3b2f25669f5b2a90282230822cf579f832d1eb7783c402df3a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b084e4c1cfd9c5e526710a43c79106415be09ec5de4f2ef4ea707cbabc5b9e00
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A241F131A0A98684EE75BB61CC503BCE3A4EF84B54F884433DA2D477D5CF2EA4518B38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 91%
E00007FF77FF727FFC050(void* __esi, intOrPtr* __rcx, long long __rdx, void* __r8, long long __r12, long long __r13, long long __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
	intOrPtr* _v72;
	long long _v80;
	void* _v88;
	signed int _t64;
	long long _t117;
	intOrPtr* _t118;
	intOrPtr* _t119;
	signed short* _t124;
	unsigned long long _t127;
	unsigned long long _t130;
	long long _t136;
	intOrPtr* _t137;
	signed short* _t148;
	signed long long _t152;
	signed long long _t155;
	void* _t159;

	_a16 = __rdx;
	_t117 =  *((intOrPtr*)(__rcx + 0x30));
	if (_t117 - _t117 +  *((intOrPtr*)(__rcx + 0x38)) <= 0) goto 0x27ffc07e;
	E00007FF77FF7280044B8();
	_t137 =  *((intOrPtr*)(__rcx));
	_v80 = _t117;
	_v88 = _t137;
	if (__rdx == __r8) goto 0x27ffc290;
	_a24 = __r13;
	_a32 = __r14;
	asm("movaps [esp+0x40], xmm6");
	asm("movaps xmm6, [esp+0x20]");
	_a8 = __r12;
	_t155 = _t117 + __rdx;
	_t159 = __r8 - 1;
	_t152 = _t117 + __r8 - 1;
	if (__rdx == _t159) goto 0x27ffc273;
	asm("movdqa [esp+0x20], xmm6");
	if (_t137 != 0) goto 0x27ffc0e6;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x27ffc0ed;
	if (_t152 -  *((intOrPtr*)( *_t137 + 0x38)) +  *((intOrPtr*)( *_t137 + 0x30)) > 0) goto 0x27ffc10d;
	if (_t137 == 0) goto 0x27ffc105;
	goto 0x27ffc107;
	if (_t152 -  *((intOrPtr*)( *_t137 + 0x30)) >= 0) goto 0x27ffc112;
	E00007FF77FF7280044B8();
	_t118 = _v88;
	_t127 = _t152 >> 3;
	if (_t118 != 0) goto 0x27ffc135;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x27ffc13b;
	if (_t152 -  *((intOrPtr*)( *_t118 + 0x38)) +  *((intOrPtr*)( *_t118 + 0x30)) < 0) goto 0x27ffc14d;
	E00007FF77FF7280044B8();
	if (_t118 == 0) goto 0x27ffc157;
	goto 0x27ffc159;
	if ( *((intOrPtr*)( *_t118 + 0x28)) - _t127 > 0) goto 0x27ffc16f;
	if (_t118 == 0) goto 0x27ffc169;
	goto 0x27ffc16b;
	if (_t118 == 0) goto 0x27ffc179;
	goto 0x27ffc17b;
	asm("movdqa [esp+0x30], xmm6");
	_t148 =  *((intOrPtr*)( *((intOrPtr*)( *_t118 + 0x20)) + (_t127 -  *((intOrPtr*)( *_t118 + 0x28))) * 8)) + _t152 * 2;
	if (_t137 != 0) goto 0x27ffc19e;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x27ffc1a5;
	if (_t155 -  *((intOrPtr*)( *_t137 + 0x38)) +  *((intOrPtr*)( *_t137 + 0x30)) > 0) goto 0x27ffc1c5;
	if (_t137 == 0) goto 0x27ffc1bd;
	goto 0x27ffc1bf;
	if (_t155 -  *((intOrPtr*)( *_t137 + 0x30)) >= 0) goto 0x27ffc1ca;
	E00007FF77FF7280044B8();
	_t119 = _v72;
	_t130 = _t155 >> 3;
	if (_t119 != 0) goto 0x27ffc1ed;
	E00007FF77FF7280044B8();
	r11d = 0;
	goto 0x27ffc1f3;
	if (_t155 -  *((intOrPtr*)( *_t119 + 0x38)) +  *((intOrPtr*)( *_t119 + 0x30)) < 0) goto 0x27ffc205;
	E00007FF77FF7280044B8();
	if (_t119 == 0) goto 0x27ffc20f;
	goto 0x27ffc211;
	if ( *((intOrPtr*)( *_t119 + 0x28)) - _t130 > 0) goto 0x27ffc227;
	if (_t119 == 0) goto 0x27ffc221;
	goto 0x27ffc223;
	if (_t119 == 0) goto 0x27ffc231;
	goto 0x27ffc233;
	_t124 =  *((intOrPtr*)( *((intOrPtr*)( *_t119 + 0x20)) + (_t130 -  *((intOrPtr*)( *_t119 + 0x28))) * 8)) + _t155 * 2;
	if (_t124 == _t148) goto 0x27ffc254;
	_t64 =  *_t148 & 0x0000ffff;
	 *_t124 = _t64;
	 *_t148 =  *_t124 & 0x0000ffff;
	_t136 = _a16 + 1;
	_a16 = _t136;
	if (_t136 != _t159) goto 0x27ffc0c0;
	asm("movaps xmm6, [esp+0x40]");
	return _t64;
}
                                                                                                                                                                                                    0x7ff727ffc21f
                                                                                                                                                                                                    0x7ff727ffc22a
                                                                                                                                                                                                    0x7ff727ffc22f
                                                                                                                                                                                                    0x7ff727ffc23b
                                                                                                                                                                                                    0x7ff727ffc242
                                                                                                                                                                                                    0x7ff727ffc244
                                                                                                                                                                                                    0x7ff727ffc24c
                                                                                                                                                                                                    0x7ff727ffc24f
                                                                                                                                                                                                    0x7ff727ffc25f
                                                                                                                                                                                                    0x7ff727ffc262
                                                                                                                                                                                                    0x7ff727ffc26d
                                                                                                                                                                                                    0x7ff727ffc28b
                                                                                                                                                                                                    0x7ff727ffc29a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 4030c83a59812f64d6c05d60debb6fb5f98c41b8662f9c9e344c53440360d978
                                                                                                                                                                                                    • Instruction ID: 0904712f55204bab483d4ba315eb956d0e4652c819563f0572afa89449feeea2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4030c83a59812f64d6c05d60debb6fb5f98c41b8662f9c9e344c53440360d978
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2361CF12B1EEA180EA60BF25DE40269E3A4FF45B88F894431DE4D47394DF38DA13CB25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                                                                                    			E00007FF77FF7280125EC(void* __edx, long long __rbx, intOrPtr* __rcx, long long __rdi, long long __rsi, void* __r8) {
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                    				int _t55;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                                                                    				signed long long _t100;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				void* _t113;
                                                                                                                                                                                                    				long long _t121;
                                                                                                                                                                                                    				intOrPtr* _t122;
                                                                                                                                                                                                    				long long _t125;
                                                                                                                                                                                                    				char* _t131;
                                                                                                                                                                                                    				signed long long _t132;
                                                                                                                                                                                                    				void* _t134;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				void* _t136;
                                                                                                                                                                                                    				void* _t148;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				int _t150;
                                                                                                                                                                                                    				int _t151;
                                                                                                                                                                                                    				int _t153;
                                                                                                                                                                                                    				short* _t156;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				int _t160;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t121 = __rdi;
                                                                                                                                                                                                    				 *(_t134 + 0x20) = r9d;
                                                                                                                                                                                                    				_t135 = _t134 - 0x40;
                                                                                                                                                                                                    				_t132 = _t135 + 0x30;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x40)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x48)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x50)) = __rdi;
                                                                                                                                                                                                    				_t100 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t132 + 8) = _t100 ^ _t132;
                                                                                                                                                                                                    				r9d =  *0x28043f5c; // 0x1
                                                                                                                                                                                                    				_t157 = __r8;
                                                                                                                                                                                                    				r15d = __edx;
                                                                                                                                                                                                    				_t7 = _t121 + 1; // 0x2
                                                                                                                                                                                                    				_t71 = _t7;
                                                                                                                                                                                                    				if (r9d != 0) goto 0x28012679;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				if (GetStringTypeW(_t160, _t156) == 0) goto 0x2801265e;
                                                                                                                                                                                                    				 *0x28043f5c = 1;
                                                                                                                                                                                                    				goto 0x28012694;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				r9d =  *0x28043f5c; // 0x1
                                                                                                                                                                                                    				r9d =  ==  ? _t71 : r9d;
                                                                                                                                                                                                    				 *0x28043f5c = r9d;
                                                                                                                                                                                                    				if (r9d == _t71) goto 0x280127a8;
                                                                                                                                                                                                    				if (r9d == 0) goto 0x280127a8;
                                                                                                                                                                                                    				if (r9d != 1) goto 0x280127d7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t132 + 0x68)) != 0) goto 0x280126a2;
                                                                                                                                                                                                    				 *(_t132 + 0x78) =  ~( *(_t132 + 0x78));
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				 *((intOrPtr*)(_t135 + 0x28)) = 0;
                                                                                                                                                                                                    				 *((long long*)(_t135 + 0x20)) = __rbx;
                                                                                                                                                                                                    				_t151 = MultiByteToWideChar(_t153, _t150, _t131);
                                                                                                                                                                                                    				_t84 = r12d;
                                                                                                                                                                                                    				if (_t84 == 0) goto 0x280127d7;
                                                                                                                                                                                                    				r13d = 0xdddd;
                                                                                                                                                                                                    				if (_t84 <= 0) goto 0x28012740;
                                                                                                                                                                                                    				if (_t151 - 0xfffffff0 > 0) goto 0x28012740;
                                                                                                                                                                                                    				_t16 = _t151 + 0x10; // 0x1a
                                                                                                                                                                                                    				_t113 = _t151 + _t16;
                                                                                                                                                                                                    				if (_t113 - 0x400 > 0) goto 0x2801272a;
                                                                                                                                                                                                    				_t17 = _t113 + 0xf; // 0x29
                                                                                                                                                                                                    				if (_t17 - _t113 > 0) goto 0x28012708;
                                                                                                                                                                                                    				E00007FF77FF72802C0A0(_t41, 0xffffffffffffff0, _t148, _t149);
                                                                                                                                                                                                    				_t136 = _t135 - 0xfffffff0;
                                                                                                                                                                                                    				_t122 = _t136 + 0x30;
                                                                                                                                                                                                    				if (_t122 == __rbx) goto 0x280127d7;
                                                                                                                                                                                                    				 *_t122 = 0xcccc;
                                                                                                                                                                                                    				goto 0x2801273a;
                                                                                                                                                                                                    				_t43 = malloc(??);
                                                                                                                                                                                                    				if (0xfffffff0 == __rbx) goto 0x28012743;
                                                                                                                                                                                                    				 *((intOrPtr*)(0xffffffffffffff0)) = r13d;
                                                                                                                                                                                                    				goto 0x28012743;
                                                                                                                                                                                                    				_t125 = __rbx;
                                                                                                                                                                                                    				if (__rbx == __rbx) goto 0x280127d7;
                                                                                                                                                                                                    				E00007FF77FF72800B240(_t43,  *((intOrPtr*)( *__rcx + 4)), 0, __rbx, 0x280315e0, _t151 + _t151);
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t136 + 0x28)) = r12d;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) = __rbx;
                                                                                                                                                                                                    				_t45 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t45 == 0) goto 0x28012793;
                                                                                                                                                                                                    				r8d = _t45;
                                                                                                                                                                                                    				_t55 = GetStringTypeW(??, ??, ??, ??);
                                                                                                                                                                                                    				_t23 = _t125 - 0x10; // -16
                                                                                                                                                                                                    				if ( *_t23 != r13d) goto 0x280127a1;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x28012830;
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)(_t132 + 0x70));
                                                                                                                                                                                                    				if (r12d != _t55) goto 0x280127bc;
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)( *__rcx + 0x14));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t132 + 0x68)) != _t55) goto 0x280127ca;
                                                                                                                                                                                                    				_t108 =  *__rcx;
                                                                                                                                                                                                    				if (E00007FF77FF7280147E8(_t55, r12d,  *((intOrPtr*)(_t132 + 0x60))) != 0xffffffff) goto 0x280127db;
                                                                                                                                                                                                    				goto 0x28012830;
                                                                                                                                                                                                    				if (0 ==  *((intOrPtr*)(_t108 + 4))) goto 0x28012803;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t136 + 0x28)) = _t55;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) = __rbx;
                                                                                                                                                                                                    				E00007FF77FF72801483C( *((intOrPtr*)(_t108 + 4)), 0, _t157, _t132 + 0x58);
                                                                                                                                                                                                    				if (_t108 == __rbx) goto 0x280127d7;
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) =  *((intOrPtr*)(_t132 + 0x60));
                                                                                                                                                                                                    				GetStringTypeA(??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t108 == __rbx) goto 0x2801282e;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return E00007FF77FF728004050(r12d,  *(_t132 + 8) ^ _t132, __rbx, _t108, _t132 + 0x58);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF72801264C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF72801265E
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF7280126BE
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF72801272A
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF728012774
                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF72801278B
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF72801279C
                                                                                                                                                                                                    • GetStringTypeA.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF7280128BE), ref: 00007FF728012819
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF728012829
                                                                                                                                                                                                      • Part of subcall function 00007FF72801483C: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF728014892
                                                                                                                                                                                                      • Part of subcall function 00007FF72801483C: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280148B1
                                                                                                                                                                                                      • Part of subcall function 00007FF72801483C: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280149B5
                                                                                                                                                                                                      • Part of subcall function 00007FF72801483C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF7280149F0
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$StringType$Infofree$ErrorLastmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3804003340-0
                                                                                                                                                                                                    • Opcode ID: 115f6eea8dedc5ed251d069930978551ce189c9ac9d53966058a53c2e0c20737
                                                                                                                                                                                                    • Instruction ID: 01f229a4dc385b8f11d3a9563eba59906cfabedb5b618dd613e67bcfa9ed2ec1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 115f6eea8dedc5ed251d069930978551ce189c9ac9d53966058a53c2e0c20737
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A618236B0468286D730EF61DC40469E796FF48BB8B945236DA1D53BD4EF3AE8408F58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointer$_initterm$ExitProcess_lock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2551688548-0
                                                                                                                                                                                                    • Opcode ID: e5378ab1e68341b08446536e14f55dd7bb624f0fc9be673db24ed96fa75622f8
                                                                                                                                                                                                    • Instruction ID: cd15c3920b40a13add8ee7cdd05a5c8058cc06a8845945f839bc4ba4aa831a6d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5378ab1e68341b08446536e14f55dd7bb624f0fc9be673db24ed96fa75622f8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F416D31E0EA4281E670BB11EC50679E295FF44784F944036DA6D577E6EF3EE4418F28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF72801181C(void* __ebx, signed int __ecx, void* __edx, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				signed int* _t59;
                                                                                                                                                                                                    				signed int* _t60;
                                                                                                                                                                                                    				long long _t66;
                                                                                                                                                                                                    				signed long long _t69;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				signed long long _t78;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __r8;
                                                                                                                                                                                                    				_t71 = __rbp;
                                                                                                                                                                                                    				_t65 = __rdx;
                                                                                                                                                                                                    				_t64 = __rcx;
                                                                                                                                                                                                    				_t34 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				r13d = __edx;
                                                                                                                                                                                                    				_t62 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0x28011861;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28011935;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0x2801190c;
                                                                                                                                                                                                    				_t55 = _t34 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t55 >= 0) goto 0x2801190c;
                                                                                                                                                                                                    				_t78 = __ecx >> 5;
                                                                                                                                                                                                    				_t69 = __ecx * 0x58;
                                                                                                                                                                                                    				_t59 =  *((intOrPtr*)(0x280489e0 + _t78 * 8));
                                                                                                                                                                                                    				if (_t55 != 0) goto 0x280118c8;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t59);
                                                                                                                                                                                                    				 *_t59 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t59);
                                                                                                                                                                                                    				 *_t59 = 9;
                                                                                                                                                                                                    				_v56 = _t66;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t59, __ecx, __rcx, __rdx, _t69, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28011935;
                                                                                                                                                                                                    				E00007FF77FF72801593C(_t34, _t34, _t62, _t66, _t69, _t76);
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)(0x280489e0 + _t78 * 8));
                                                                                                                                                                                                    				if (( *(_t60 + _t69 + 8) & 0x00000001) == 0) goto 0x280118ec;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t49 = E00007FF77FF728011784(_t34, _t34, r13d, _t60, _t62, _t69);
                                                                                                                                                                                                    				goto 0x28011901;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t60);
                                                                                                                                                                                                    				 *_t60 = _t49;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				goto 0x28011935;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t60);
                                                                                                                                                                                                    				 *_t60 = _t49 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 9;
                                                                                                                                                                                                    				_v56 = _t66;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t60, _t62, _t64, _t65, _t69, _t71, _t75) | 0xffffffff;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: f10987436b34bd0968861f3bbb4ff45c1ba2012104b75b240ae358803b696601
                                                                                                                                                                                                    • Instruction ID: 8bbc282a2d3a00afde153f17bbab36d96cca2a71dbe2f87595b97661ba76ec47
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f10987436b34bd0968861f3bbb4ff45c1ba2012104b75b240ae358803b696601
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2131BE32E1864241E325BF25AC4167DF650FF80760F956636EA390B7D2DF3EA8018B38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                    			E00007FF77FF728019F60(void* __ebx, long long __rbx, long long __rdx, void* __r8, void* __r9, void* _a8) {
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				long long _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				intOrPtr _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				intOrPtr _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				long _t70;
                                                                                                                                                                                                    				signed long long _t109;
                                                                                                                                                                                                    				char _t117;
                                                                                                                                                                                                    				long long _t143;
                                                                                                                                                                                                    				long long _t144;
                                                                                                                                                                                                    				long long _t145;
                                                                                                                                                                                                    				long long _t149;
                                                                                                                                                                                                    				long long _t150;
                                                                                                                                                                                                    				void* _t154;
                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				void* _t165;
                                                                                                                                                                                                    				void* _t166;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				void* _t169;
                                                                                                                                                                                                    				void* _t170;
                                                                                                                                                                                                    				void* _t182;
                                                                                                                                                                                                    				void* _t185;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				long long _t187;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t185 = _t170;
                                                                                                                                                                                                    				_v120 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t185 + 8)) = __rbx;
                                                                                                                                                                                                    				_t109 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v56 = _t109 ^ _t170 - 0x000000a0;
                                                                                                                                                                                                    				_t186 = __rdx;
                                                                                                                                                                                                    				 *((long long*)(_t185 - 0x68)) = __rdx;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_v136 = r13d;
                                                                                                                                                                                                    				 *((long long*)(_t185 - 0x80)) = _t187;
                                                                                                                                                                                                    				_v152 = _t187;
                                                                                                                                                                                                    				_v160 = r13d;
                                                                                                                                                                                                    				_v168 = _t185 - 0x80;
                                                                                                                                                                                                    				r9d = 0x400;
                                                                                                                                                                                                    				_t70 = FormatMessageA(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				_t124 = _v128;
                                                                                                                                                                                                    				_v112 = _v128;
                                                                                                                                                                                                    				if (_t70 != 0) goto 0x2801a016;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x20)) = 0xf;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x18)) = _t187;
                                                                                                                                                                                                    				 *(__rdx + 8) = _t70;
                                                                                                                                                                                                    				_t16 = _t187 + 0xd; // 0xd
                                                                                                                                                                                                    				r8d = _t16;
                                                                                                                                                                                                    				E00007FF77FF727FF1DC0(_v128, __rdx, "Unknown error", _t154, _t167, __r8);
                                                                                                                                                                                                    				_v136 = 1;
                                                                                                                                                                                                    				LocalFree(??);
                                                                                                                                                                                                    				goto 0x2801a23e;
                                                                                                                                                                                                    				_v64 = 0xf;
                                                                                                                                                                                                    				_v72 = _t187;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				asm("repne scasb");
                                                                                                                                                                                                    				E00007FF77FF727FF1DC0(_v128,  &_v96, _v128, _v128, _t167,  !(_t124 | 0xffffffff) - 1);
                                                                                                                                                                                                    				_t143 = _v72;
                                                                                                                                                                                                    				if (_t143 == 0) goto 0x2801a1d4;
                                                                                                                                                                                                    				_t163 = _t143 - 1;
                                                                                                                                                                                                    				if (_t163 - _t143 <= 0) goto 0x2801a08e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t144 = _v72;
                                                                                                                                                                                                    				_t114 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t163)) == 0xa) goto 0x2801a0da;
                                                                                                                                                                                                    				_t164 = _t144 - 1;
                                                                                                                                                                                                    				if (_t164 - _t144 <= 0) goto 0x2801a0c1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t145 = _v72;
                                                                                                                                                                                                    				_t116 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t164)) != 0xd) goto 0x2801a18b;
                                                                                                                                                                                                    				_t165 = _t145 - 1;
                                                                                                                                                                                                    				if (_t145 - _t165 >= 0) goto 0x2801a0fc;
                                                                                                                                                                                                    				E00007FF77FF728003434( >=  ? _v88 :  &_v88, _t124, _v64, _t167 | 0xffffffff);
                                                                                                                                                                                                    				_t182 = _v72 - _t165;
                                                                                                                                                                                                    				if (_t182 - 0xffffffff >= 0) goto 0x2801a110;
                                                                                                                                                                                                    				_t169 = _t182;
                                                                                                                                                                                                    				if (_t182 == 0) goto 0x2801a181;
                                                                                                                                                                                                    				_t117 = _v88;
                                                                                                                                                                                                    				_t176 =  >=  ? _t117 :  &_v88;
                                                                                                                                                                                                    				_t132 =  >=  ? _t117 :  &_v88;
                                                                                                                                                                                                    				_t133 = ( >=  ? _t117 :  &_v88) + _t165;
                                                                                                                                                                                                    				_t177 = ( >=  ? _t117 :  &_v88) + _t165;
                                                                                                                                                                                                    				_t178 = ( >=  ? _t117 :  &_v88) + _t165 + _t169;
                                                                                                                                                                                                    				E00007FF77FF728004070(( >=  ? _t117 :  &_v88) + _t165, _v64 - _t165, ( >=  ? _t117 :  &_v88) + _t165 + _t169, _t182 - _t169);
                                                                                                                                                                                                    				_t149 = _v72 - _t169;
                                                                                                                                                                                                    				_v72 = _t149;
                                                                                                                                                                                                    				_t119 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _v88 :  &_v88) + _t149)) = 0;
                                                                                                                                                                                                    				_t150 = _v72;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0x2801a1d4;
                                                                                                                                                                                                    				goto 0x2801a070;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0x2801a1d4;
                                                                                                                                                                                                    				_t166 = _t150 - 1;
                                                                                                                                                                                                    				if (_t166 - _t150 <= 0) goto 0x2801a1ae;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t121 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t166)) != 0x2e) goto 0x2801a1d4;
                                                                                                                                                                                                    				E00007FF77FF727FF1FC0(_t124,  &_v96, _v72 - 1, _t166, _t169, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff);
                                                                                                                                                                                                    				 *((long long*)(_t186 + 0x20)) = 0xf;
                                                                                                                                                                                                    				 *((long long*)(_t186 + 0x18)) = _t187;
                                                                                                                                                                                                    				 *((char*)(_t186 + 8)) = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF1CA0(_t124, _t186,  &_v96, _v64, _t166, _t169, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    				_v136 = 1;
                                                                                                                                                                                                    				if (_v64 - 0x10 < 0) goto 0x2801a219;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ? _v88 :  &_v88, _t124, _v88,  &_v96, _t166, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    				_v64 = 0xf;
                                                                                                                                                                                                    				_v72 = _t187;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				LocalFree(??);
                                                                                                                                                                                                    				return E00007FF77FF728004050(0x1300, _v56 ^ _t170 - 0x000000a0,  &_v96, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    			}







































                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$FormatFreeLocalMessage
                                                                                                                                                                                                    • String ID: Unknown error
                                                                                                                                                                                                    • API String ID: 3408990668-83687255
                                                                                                                                                                                                    • Opcode ID: 7b9eeed1eaa9fbeac6c5963c93b71ae23eb17b54183d238eedd3940b7ac5251d
                                                                                                                                                                                                    • Instruction ID: 208cb92c31e1b8170570f61cbdb4a2858100b27d94cd9a426eb2b7ab32ff7473
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b9eeed1eaa9fbeac6c5963c93b71ae23eb17b54183d238eedd3940b7ac5251d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE719362A08BC185EB30AB25E84439EF7A1F7817A4F909332DAAC076D9DF3DD445CB14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF77FF727FFE8C0(void* __edx, void* __ebp, long long __rbx, void* __rcx, long long _a24) {
                                                                                                                                                                                                    				signed int _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				void* _v135;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				void* _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				void* _t192;
                                                                                                                                                                                                    				signed long long _t222;
                                                                                                                                                                                                    				void* _t263;
                                                                                                                                                                                                    				long long _t275;
                                                                                                                                                                                                    				char* _t277;
                                                                                                                                                                                                    				char* _t279;
                                                                                                                                                                                                    				long long _t280;
                                                                                                                                                                                                    				long long _t285;
                                                                                                                                                                                                    				char _t286;
                                                                                                                                                                                                    				char _t288;
                                                                                                                                                                                                    				char _t291;
                                                                                                                                                                                                    				char _t293;
                                                                                                                                                                                                    				long long _t301;
                                                                                                                                                                                                    				intOrPtr* _t308;
                                                                                                                                                                                                    				long long* _t310;
                                                                                                                                                                                                    				long long _t311;
                                                                                                                                                                                                    				long long _t328;
                                                                                                                                                                                                    				char* _t331;
                                                                                                                                                                                                    				void* _t333;
                                                                                                                                                                                                    				void* _t334;
                                                                                                                                                                                                    				signed long long _t336;
                                                                                                                                                                                                    				intOrPtr* _t340;
                                                                                                                                                                                                    				intOrPtr* _t341;
                                                                                                                                                                                                    				long long _t344;
                                                                                                                                                                                                    				long long _t352;
                                                                                                                                                                                                    				void* _t361;
                                                                                                                                                                                                    				long long _t362;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v112 = 0xfffffffe;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t222 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v64 = _t222 ^  &_v144;
                                                                                                                                                                                                    				r13d = __edx;
                                                                                                                                                                                                    				_t361 = __rcx;
                                                                                                                                                                                                    				if (__edx != 0xffffffff) goto 0x27ffe908;
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				_t308 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				if ( *_t308 == 0) goto 0x27ffe941;
                                                                                                                                                                                                    				_t340 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                                                                    				if ( *_t308 -  *_t340 +  *_t308 >= 0) goto 0x27ffe941;
                                                                                                                                                                                                    				 *_t340 =  *_t340 - 1;
                                                                                                                                                                                                    				_t310 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				_t341 =  *_t310;
                                                                                                                                                                                                    				_t285 = _t341 + 1;
                                                                                                                                                                                                    				 *_t310 = _t285;
                                                                                                                                                                                                    				 *_t341 = r13b;
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				_t311 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if (_t311 != 0) goto 0x27ffe956;
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) != 0) goto 0x27ffe978;
                                                                                                                                                                                                    				E00007FF77FF7280068AC(r13b, _t222 ^  &_v144, __rbx, _t285, _t311, _t334, _t341);
                                                                                                                                                                                                    				_t155 =  !=  ? r13d : __ebp;
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				_v136 = r13b;
                                                                                                                                                                                                    				_v72 = _t311;
                                                                                                                                                                                                    				_v96 = 0;
                                                                                                                                                                                                    				_v96 = _t285;
                                                                                                                                                                                                    				_v80 = 8;
                                                                                                                                                                                                    				_t225 =  >=  ? _t285 :  &_v96;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _t285 :  &_v96) + 8)) = 0;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				_t286 = _v96;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffe9d8;
                                                                                                                                                                                                    				if (_t286 == 0) goto 0x27ffea04;
                                                                                                                                                                                                    				goto 0x27ffe9dd;
                                                                                                                                                                                                    				_t331 =  &_v96;
                                                                                                                                                                                                    				_t227 =  >=  ? _t286 :  &_v96;
                                                                                                                                                                                                    				_t167 = ( >=  ? _t286 :  &_v96) - _t331;
                                                                                                                                                                                                    				if (( >=  ? _t286 :  &_v96) - _t331 > 0) goto 0x27ffea04;
                                                                                                                                                                                                    				_t229 =  >=  ? _t286 :  &_v96;
                                                                                                                                                                                                    				_t230 = ( >=  ? _t286 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t169 = _t331 - ( >=  ? _t286 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _t286 :  &_v96) + _v80 <= 0) goto 0x27ffea1b;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0x27ffea52;
                                                                                                                                                                                                    				_t233 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t234 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t172 = _t331 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _v96 :  &_v96) + _v80 < 0) goto 0x27ffea52;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t344 = _v80;
                                                                                                                                                                                                    				_t288 = _v96;
                                                                                                                                                                                                    				_t335 = _t344;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffea65;
                                                                                                                                                                                                    				if (_t288 == 0) goto 0x27ffea91;
                                                                                                                                                                                                    				goto 0x27ffea6a;
                                                                                                                                                                                                    				_t275 =  &_v96;
                                                                                                                                                                                                    				_t236 =  >=  ? _t288 :  &_v96;
                                                                                                                                                                                                    				_t176 = ( >=  ? _t288 :  &_v96) - _t275;
                                                                                                                                                                                                    				if (( >=  ? _t288 :  &_v96) - _t275 > 0) goto 0x27ffea91;
                                                                                                                                                                                                    				_t238 =  >=  ? _t288 :  &_v96;
                                                                                                                                                                                                    				_t239 = ( >=  ? _t288 :  &_v96) + _t344;
                                                                                                                                                                                                    				_t178 = _t275 - ( >=  ? _t288 :  &_v96) + _t344;
                                                                                                                                                                                                    				if (_t275 - ( >=  ? _t288 :  &_v96) + _t344 <= 0) goto 0x27ffeaa8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0x27ffeacd;
                                                                                                                                                                                                    				_t242 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t243 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t181 = _t275 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t275 - ( >=  ? _v96 :  &_v96) + _v80 < 0) goto 0x27ffeacd;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v144 =  &_v120;
                                                                                                                                                                                                    				_v152 = _t331 + _t344;
                                                                                                                                                                                                    				_v160 = _t275;
                                                                                                                                                                                                    				_v168 =  &_v128;
                                                                                                                                                                                                    				_t126 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t361 + 0x70)))) + 0x28))();
                                                                                                                                                                                                    				if (_t126 < 0) goto 0x27ffedf2;
                                                                                                                                                                                                    				if (_t126 - 1 > 0) goto 0x27ffedbb;
                                                                                                                                                                                                    				_t291 = _v96;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffeb38;
                                                                                                                                                                                                    				if (_t291 == 0) goto 0x27ffeb69;
                                                                                                                                                                                                    				goto 0x27ffeb3d;
                                                                                                                                                                                                    				_t277 =  &_v96;
                                                                                                                                                                                                    				_t247 =  >=  ? _t291 :  &_v96;
                                                                                                                                                                                                    				_t187 = ( >=  ? _t291 :  &_v96) - _t277;
                                                                                                                                                                                                    				if (( >=  ? _t291 :  &_v96) - _t277 > 0) goto 0x27ffeb69;
                                                                                                                                                                                                    				_t249 =  >=  ? _t291 :  &_v96;
                                                                                                                                                                                                    				_t250 = ( >=  ? _t291 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t189 = _t277 - ( >=  ? _t291 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t277 - ( >=  ? _t291 :  &_v96) + _v80 <= 0) goto 0x27ffeb80;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0x27ffebb7;
                                                                                                                                                                                                    				_t253 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t254 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t192 = _t277 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t192 < 0) goto 0x27ffebb7;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t293 = _v96;
                                                                                                                                                                                                    				_t333 = _v120 - _t277;
                                                                                                                                                                                                    				if (_t192 == 0) goto 0x27ffec70;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffebd5;
                                                                                                                                                                                                    				if (_t293 == 0) goto 0x27ffec01;
                                                                                                                                                                                                    				goto 0x27ffebda;
                                                                                                                                                                                                    				_t279 =  &_v96;
                                                                                                                                                                                                    				_t256 =  >=  ? _t293 :  &_v96;
                                                                                                                                                                                                    				_t196 = ( >=  ? _t293 :  &_v96) - _t279;
                                                                                                                                                                                                    				if (( >=  ? _t293 :  &_v96) - _t279 > 0) goto 0x27ffec01;
                                                                                                                                                                                                    				_t258 =  >=  ? _t293 :  &_v96;
                                                                                                                                                                                                    				_t259 = ( >=  ? _t293 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t198 = _t279 - ( >=  ? _t293 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t279 - ( >=  ? _t293 :  &_v96) + _v80 <= 0) goto 0x27ffec18;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0x27ffec3d;
                                                                                                                                                                                                    				_t262 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t263 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t279 - _t263 < 0) goto 0x27ffec3d;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t359 =  *((intOrPtr*)(_t361 + 0x88));
                                                                                                                                                                                                    				E00007FF77FF728005B14(_t279, _t279, _v72, _t333, _t344, _t333,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				if (_t333 != _t263) goto 0x27ffed83;
                                                                                                                                                                                                    				_t352 = _v80;
                                                                                                                                                                                                    				 *((char*)(_t361 + 0x79)) = 1;
                                                                                                                                                                                                    				if (_v128 !=  &_v136) goto 0x27ffedab;
                                                                                                                                                                                                    				if (_t333 != 0) goto 0x27ffe9c8;
                                                                                                                                                                                                    				if (_t352 - 0x20 >= 0) goto 0x27ffed9c;
                                                                                                                                                                                                    				if ((_t336 | 0xffffffffffffffff) - _t352 - 8 > 0) goto 0x27ffecbc;
                                                                                                                                                                                                    				E00007FF77FF7280033CC((_t336 | 0xffffffffffffffff) - _t352, _t279, _t333, _t336 | 0xffffffffffffffff, _t352,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				_t84 = _v80 + 8; // 0x10
                                                                                                                                                                                                    				_t280 = _t84;
                                                                                                                                                                                                    				if (_t280 - 0xfffffffe <= 0) goto 0x27ffecdd;
                                                                                                                                                                                                    				_t133 = E00007FF77FF7280033CC((_t336 | 0xffffffffffffffff) - _t352, _t280, _t333, _t336 | 0xffffffffffffffff, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				if (_v72 - _t280 >= 0) goto 0x27ffed03;
                                                                                                                                                                                                    				E00007FF77FF727FF2250(_t133,  &_v104, _t280, _v80);
                                                                                                                                                                                                    				goto 0x27ffed34;
                                                                                                                                                                                                    				if (_t280 != 0) goto 0x27ffed34;
                                                                                                                                                                                                    				_v80 = _t362;
                                                                                                                                                                                                    				_t268 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				 *((intOrPtr*)( >=  ? _v96 :  &_v96)) = r15b;
                                                                                                                                                                                                    				_t301 = _v96;
                                                                                                                                                                                                    				goto 0x27ffe9c8;
                                                                                                                                                                                                    				if (_t280 == 0) goto 0x27ffe9c8;
                                                                                                                                                                                                    				_t270 =  >=  ? _t301 :  &_v96;
                                                                                                                                                                                                    				 *((long long*)(_v80 + ( >=  ? _t301 :  &_v96))) = _t301;
                                                                                                                                                                                                    				_v80 = _t280;
                                                                                                                                                                                                    				_t272 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				 *((char*)(_t280 + ( >=  ? _v96 :  &_v96))) = 0;
                                                                                                                                                                                                    				_t328 = _v72;
                                                                                                                                                                                                    				_t357 = _v80;
                                                                                                                                                                                                    				goto 0x27ffe9c8;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffed98;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t344, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				if (_t328 - 0x10 < 0) goto 0x27ffeda7;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t344, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				if (_t328 - 0x10 < 0) goto 0x27ffedb6;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t335, _v80, _t359);
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				if (r13d != 3) goto 0x27ffedf2;
                                                                                                                                                                                                    				E00007FF77FF7280068AC(_v136, _t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _v80);
                                                                                                                                                                                                    				_t156 =  !=  ? r13d :  !=  ? r13d : __ebp;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffedee;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _v80, _t359);
                                                                                                                                                                                                    				goto 0x27ffee09;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0x27ffee07;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _t357, _t359);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_v136, _v64 ^  &_v144,  *((intOrPtr*)(_t361 + 0x88)), _t357, _t359);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff727ffebe3
                                                                                                                                                                                                    0x7ff727ffebe7
                                                                                                                                                                                                    0x7ff727ffebea
                                                                                                                                                                                                    0x7ff727ffebf5
                                                                                                                                                                                                    0x7ff727ffebf9
                                                                                                                                                                                                    0x7ff727ffebfc
                                                                                                                                                                                                    0x7ff727ffebff
                                                                                                                                                                                                    0x7ff727ffec01
                                                                                                                                                                                                    0x7ff727ffec21
                                                                                                                                                                                                    0x7ff727ffec2c
                                                                                                                                                                                                    0x7ff727ffec30
                                                                                                                                                                                                    0x7ff727ffec36
                                                                                                                                                                                                    0x7ff727ffec38
                                                                                                                                                                                                    0x7ff727ffec3d
                                                                                                                                                                                                    0x7ff727ffec50
                                                                                                                                                                                                    0x7ff727ffec58
                                                                                                                                                                                                    0x7ff727ffec66
                                                                                                                                                                                                    0x7ff727ffec70
                                                                                                                                                                                                    0x7ff727ffec80
                                                                                                                                                                                                    0x7ff727ffec89
                                                                                                                                                                                                    0x7ff727ffec93
                                                                                                                                                                                                    0x7ff727ffeca3
                                                                                                                                                                                                    0x7ff727ffeca5
                                                                                                                                                                                                    0x7ff727ffecbc
                                                                                                                                                                                                    0x7ff727ffecbc
                                                                                                                                                                                                    0x7ff727ffecc4
                                                                                                                                                                                                    0x7ff727ffecc6
                                                                                                                                                                                                    0x7ff727ffece0
                                                                                                                                                                                                    0x7ff727ffecea
                                                                                                                                                                                                    0x7ff727ffed01
                                                                                                                                                                                                    0x7ff727ffed06
                                                                                                                                                                                                    0x7ff727ffed08
                                                                                                                                                                                                    0x7ff727ffed16
                                                                                                                                                                                                    0x7ff727ffed1a
                                                                                                                                                                                                    0x7ff727ffed2a
                                                                                                                                                                                                    0x7ff727ffed2f
                                                                                                                                                                                                    0x7ff727ffed37
                                                                                                                                                                                                    0x7ff727ffed46
                                                                                                                                                                                                    0x7ff727ffed4c
                                                                                                                                                                                                    0x7ff727ffed50
                                                                                                                                                                                                    0x7ff727ffed63
                                                                                                                                                                                                    0x7ff727ffed69
                                                                                                                                                                                                    0x7ff727ffed6c
                                                                                                                                                                                                    0x7ff727ffed74
                                                                                                                                                                                                    0x7ff727ffed7e
                                                                                                                                                                                                    0x7ff727ffed8c
                                                                                                                                                                                                    0x7ff727ffed93
                                                                                                                                                                                                    0x7ff727ffed9a
                                                                                                                                                                                                    0x7ff727ffeda0
                                                                                                                                                                                                    0x7ff727ffeda2
                                                                                                                                                                                                    0x7ff727ffeda9
                                                                                                                                                                                                    0x7ff727ffedaf
                                                                                                                                                                                                    0x7ff727ffedb1
                                                                                                                                                                                                    0x7ff727ffedb9
                                                                                                                                                                                                    0x7ff727ffedbe
                                                                                                                                                                                                    0x7ff727ffedcd
                                                                                                                                                                                                    0x7ff727ffedd5
                                                                                                                                                                                                    0x7ff727ffede2
                                                                                                                                                                                                    0x7ff727ffede9
                                                                                                                                                                                                    0x7ff727ffedf0
                                                                                                                                                                                                    0x7ff727ffedfb
                                                                                                                                                                                                    0x7ff727ffee02
                                                                                                                                                                                                    0x7ff727ffee33

Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9d40a9783c5088da7ce004c666f8bdd368779f830e9e7fa24a0836714183e228
• Instruction ID: cbd113d38511a86d013973361bc78bb456d78fc87ec541c35315499b473f1676
• Opcode Fuzzy Hash: 9d40a9783c5088da7ce004c666f8bdd368779f830e9e7fa24a0836714183e228
• Instruction Fuzzy Hash: 29E1892270DB4180EE20AB15E94426DE751FB867E0FD44632DA6D427E9EF3CE146CF61
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF77FF727FFFB00(void* __edx, long long __rbx, long long __rcx, long long __rdx, long long __rsi) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t197;
                                                                                                                                                                                                    				signed long long _t198;
                                                                                                                                                                                                    				signed long long _t223;
                                                                                                                                                                                                    				void* _t233;
                                                                                                                                                                                                    				void* _t235;
                                                                                                                                                                                                    				void* _t237;
                                                                                                                                                                                                    				long long _t239;
                                                                                                                                                                                                    				long long _t280;
                                                                                                                                                                                                    				void* _t282;
                                                                                                                                                                                                    				void* _t284;
                                                                                                                                                                                                    				long long _t288;
                                                                                                                                                                                                    				long long _t289;
                                                                                                                                                                                                    				void* _t291;
                                                                                                                                                                                                    				signed long long _t292;
                                                                                                                                                                                                    				intOrPtr _t294;
                                                                                                                                                                                                    				intOrPtr _t296;
                                                                                                                                                                                                    				intOrPtr _t299;
                                                                                                                                                                                                    				intOrPtr _t301;
                                                                                                                                                                                                    				intOrPtr _t326;
                                                                                                                                                                                                    				long long _t328;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t197 = _t291;
                                                                                                                                                                                                    				_t292 = _t291 - 0x70;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x38)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x18)) = _t288;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t198 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t292 + 0x68) = _t198 ^ _t292;
                                                                                                                                                                                                    				_t289 = __rcx;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) == 0) goto 0x27ffff52;
                                                                                                                                                                                                    				if ( *((char*)(__rcx + 0x79)) == 0) goto 0x27ffff52;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 8))() != 0xffffffff) goto 0x27fffb5d;
                                                                                                                                                                                                    				goto 0x27ffff54;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x60)) = __rdx;
                                                                                                                                                                                                    				 *((char*)(_t292 + 0x48)) = 0;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x48)) = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = 8;
                                                                                                                                                                                                    				_t202 =  >=  ? __rcx : _t292 + 0x48;
                                                                                                                                                                                                    				 *((char*)(( >=  ? __rcx : _t292 + 0x48) + 8)) = 0;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_t294 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27fffbb0;
                                                                                                                                                                                                    				if (_t294 == 0) goto 0x27fffbe1;
                                                                                                                                                                                                    				goto 0x27fffbb5;
                                                                                                                                                                                                    				_t282 = _t292 + 0x48;
                                                                                                                                                                                                    				_t204 =  >=  ? _t294 : _t292 + 0x48;
                                                                                                                                                                                                    				_t147 = ( >=  ? _t294 : _t292 + 0x48) - _t282;
                                                                                                                                                                                                    				if (( >=  ? _t294 : _t292 + 0x48) - _t282 > 0) goto 0x27fffbe1;
                                                                                                                                                                                                    				_t243 =  >=  ? _t294 : _t292 + 0x48;
                                                                                                                                                                                                    				_t244 = ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t149 = _t282 - ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t282 - ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0x27fffbf0;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0x27fffc24;
                                                                                                                                                                                                    				_t246 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t247 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t152 = _t282 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t282 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) < 0) goto 0x27fffc24;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t296 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				_t286 =  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27fffc39;
                                                                                                                                                                                                    				if (_t296 == 0) goto 0x27fffc6a;
                                                                                                                                                                                                    				goto 0x27fffc3e;
                                                                                                                                                                                                    				_t233 = _t292 + 0x48;
                                                                                                                                                                                                    				_t209 =  >=  ? _t296 : _t292 + 0x48;
                                                                                                                                                                                                    				_t156 = ( >=  ? _t296 : _t292 + 0x48) - _t233;
                                                                                                                                                                                                    				if (( >=  ? _t296 : _t292 + 0x48) - _t233 > 0) goto 0x27fffc6a;
                                                                                                                                                                                                    				_t249 =  >=  ? _t296 : _t292 + 0x48;
                                                                                                                                                                                                    				_t250 = ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t158 = _t233 - ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t233 - ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0x27fffc79;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0x27fffca3;
                                                                                                                                                                                                    				_t252 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t253 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t161 = _t233 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t233 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) < 0) goto 0x27fffca3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x20)) = _t292 + 0x30;
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x70)))) + 0x30))();
                                                                                                                                                                                                    				if (_t162 == 0) goto 0x27fffcd1;
                                                                                                                                                                                                    				if (_t162 != 0) goto 0x27fffef9;
                                                                                                                                                                                                    				goto 0x27fffcd5;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx + 0x79)) = r13b;
                                                                                                                                                                                                    				_t299 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27fffcef;
                                                                                                                                                                                                    				if (_t299 == 0) goto 0x27fffd20;
                                                                                                                                                                                                    				goto 0x27fffcf4;
                                                                                                                                                                                                    				_t235 = _t292 + 0x48;
                                                                                                                                                                                                    				_t215 =  >=  ? _t299 : _t292 + 0x48;
                                                                                                                                                                                                    				_t166 = ( >=  ? _t299 : _t292 + 0x48) - _t235;
                                                                                                                                                                                                    				if (( >=  ? _t299 : _t292 + 0x48) - _t235 > 0) goto 0x27fffd20;
                                                                                                                                                                                                    				_t256 =  >=  ? _t299 : _t292 + 0x48;
                                                                                                                                                                                                    				_t257 = ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t168 = _t235 - ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t235 - ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0x27fffd2f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0x27fffd63;
                                                                                                                                                                                                    				_t259 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t260 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t171 = _t235 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t171 < 0) goto 0x27fffd63;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t301 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				_t284 =  *((intOrPtr*)(_t292 + 0x30)) - _t235;
                                                                                                                                                                                                    				if (_t171 == 0) goto 0x27fffe15;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27fffd81;
                                                                                                                                                                                                    				if (_t301 == 0) goto 0x27fffdb2;
                                                                                                                                                                                                    				goto 0x27fffd86;
                                                                                                                                                                                                    				_t237 = _t292 + 0x48;
                                                                                                                                                                                                    				_t220 =  >=  ? _t301 : _t292 + 0x48;
                                                                                                                                                                                                    				_t175 = ( >=  ? _t301 : _t292 + 0x48) - _t237;
                                                                                                                                                                                                    				if (( >=  ? _t301 : _t292 + 0x48) - _t237 > 0) goto 0x27fffdb2;
                                                                                                                                                                                                    				_t262 =  >=  ? _t301 : _t292 + 0x48;
                                                                                                                                                                                                    				_t263 = ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t177 = _t237 - ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t237 - ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0x27fffdc1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0x27fffdeb;
                                                                                                                                                                                                    				_t278 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t223 =  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t279 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223;
                                                                                                                                                                                                    				_t180 = _t237 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223;
                                                                                                                                                                                                    				if (_t237 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223 < 0) goto 0x27fffdeb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				E00007FF77FF728005B14(_t237, _t237, ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223, _t284,  *((intOrPtr*)(_t292 + 0x58)), _t284,  *((intOrPtr*)(__rcx + 0x88)));
                                                                                                                                                                                                    				if (_t284 != _t223) goto 0x27ffff2a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t289 + 0x79)) == r13b) goto 0x27ffff40;
                                                                                                                                                                                                    				if (_t284 != 0) goto 0x27fffba0;
                                                                                                                                                                                                    				if ((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)) - 8 > 0) goto 0x27fffe46;
                                                                                                                                                                                                    				E00007FF77FF7280033CC((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)), _t237, _t284, _t289,  *((intOrPtr*)(_t292 + 0x48)),  *((intOrPtr*)(_t292 + 0x60)));
                                                                                                                                                                                                    				_t239 =  *((intOrPtr*)(_t292 + 0x58)) + 8;
                                                                                                                                                                                                    				if (_t239 - 0xfffffffe <= 0) goto 0x27fffe64;
                                                                                                                                                                                                    				_t121 = E00007FF77FF7280033CC((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)), _t239, _t284, _t289,  *((intOrPtr*)(_t292 + 0x48)),  *((intOrPtr*)(_t292 + 0x60)));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - _t239 >= 0) goto 0x27fffe87;
                                                                                                                                                                                                    				_t280 = _t239;
                                                                                                                                                                                                    				E00007FF77FF727FF2250(_t121, _t292 + 0x40, _t280,  *((intOrPtr*)(_t292 + 0x58)));
                                                                                                                                                                                                    				goto 0x27fffeb0;
                                                                                                                                                                                                    				if (_t239 != 0) goto 0x27fffeb0;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = _t328;
                                                                                                                                                                                                    				_t227 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((intOrPtr*)( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48)) = r13b;
                                                                                                                                                                                                    				goto 0x27fffba0;
                                                                                                                                                                                                    				if (_t239 == 0) goto 0x27fffba0;
                                                                                                                                                                                                    				_t267 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_t292 + 0x58)) + ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48))) = _t280;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = _t239;
                                                                                                                                                                                                    				_t230 =  >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((char*)(_t239 + ( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48))) = 0;
                                                                                                                                                                                                    				_t326 =  *((intOrPtr*)(_t292 + 0x60));
                                                                                                                                                                                                    				_t310 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				goto 0x27fffba0;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) == 0x10) goto 0x27ffff14;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27ffff10;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280,  *((intOrPtr*)(_t292 + 0x58)),  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0x27ffff54;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27ffff26;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280,  *((intOrPtr*)(_t292 + 0x58)),  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0x27ffff54;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0x27ffff3c;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t230, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280, _t286,  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0x27ffff54;
                                                                                                                                                                                                    				if (_t326 - 0x10 < 0) goto 0x27ffff4e;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t230, _t239, _t310, _t280, _t286, _t310, _t326);
                                                                                                                                                                                                    				goto 0x27ffff54;
                                                                                                                                                                                                    				return E00007FF77FF728004050(0,  *(_t292 + 0x68) ^ _t292, _t280, _t310, _t326);
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: bb00c0e8b7afb0c2600c17caa4aa4b149fb672f7b61d2350a14f23c70e491a44
                                                                                                                                                                                                    • Instruction ID: 705f8747d917f746fcf72fa7a21b69b73a8862484a37ff94f88ac162476c4bf2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb00c0e8b7afb0c2600c17caa4aa4b149fb672f7b61d2350a14f23c70e491a44
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CC1C92260CB4580EE10AF59E9501ADE7A1EB837D4FD50532EB6D03BE5CF6DD5838B21
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF727FFBC70(intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rbp, intOrPtr* __r8, intOrPtr* __r9, long long __r12, long long __r13, long long __r15, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                    				intOrPtr _t103;
                                                                                                                                                                                                    				long long _t107;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				intOrPtr _t109;
                                                                                                                                                                                                    				intOrPtr _t120;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				unsigned long long _t139;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(__rcx)) =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((long long*)(__rdx + 0x38)) == 0) goto 0x27ffbe4a;
                                                                                                                                                                                                    				_v40 = __r15;
                                                                                                                                                                                                    				_a8 = __rbp;
                                                                                                                                                                                                    				_a16 = __rdi;
                                                                                                                                                                                                    				_a24 = __r12;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				_v32 = __r13;
                                                                                                                                                                                                    				_t89 =  *__rcx;
                                                                                                                                                                                                    				if (_t89 == 0xfffffffc) goto 0x27ffbccf;
                                                                                                                                                                                                    				if (_t89 == 0) goto 0x27ffbcca;
                                                                                                                                                                                                    				if (_t89 ==  *__r9) goto 0x27ffbccf;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0x27ffbe25;
                                                                                                                                                                                                    				_t131 =  *((intOrPtr*)(__rdx + 0x30));
                                                                                                                                                                                                    				if (_t131 -  *((intOrPtr*)(__rdx + 0x38)) + _t131 <= 0) goto 0x27ffbcf2;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t126 =  *((intOrPtr*)(__rdx));
                                                                                                                                                                                                    				_t139 = _t131 >> 3;
                                                                                                                                                                                                    				r13d = r13d & 0x00000007;
                                                                                                                                                                                                    				if (_t126 != 0) goto 0x27ffbd15;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x27ffbd1b;
                                                                                                                                                                                                    				if (_t131 -  *((intOrPtr*)( *_t126 + 0x38)) +  *((intOrPtr*)( *_t126 + 0x30)) < 0) goto 0x27ffbd2d;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t126 == 0) goto 0x27ffbd37;
                                                                                                                                                                                                    				goto 0x27ffbd3a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r15 + 0x28)) - _t139 > 0) goto 0x27ffbd51;
                                                                                                                                                                                                    				if (_t126 == 0) goto 0x27ffbd4a;
                                                                                                                                                                                                    				goto 0x27ffbd4d;
                                                                                                                                                                                                    				if (_t126 == 0) goto 0x27ffbd5b;
                                                                                                                                                                                                    				goto 0x27ffbd5e;
                                                                                                                                                                                                    				_t102 =  *__rcx;
                                                                                                                                                                                                    				if (_t102 == 0xfffffffc) goto 0x27ffbda0;
                                                                                                                                                                                                    				if (_t102 != 0) goto 0x27ffbd79;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t103 =  *__rcx;
                                                                                                                                                                                                    				if ( *((long long*)(_t103 + 0x20)) - 8 < 0) goto 0x27ffbd89;
                                                                                                                                                                                                    				goto 0x27ffbd8d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) - _t103 + 8 +  *(_t103 + 0x18) * 2 < 0) goto 0x27ffbda0;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((short*)( *((intOrPtr*)(__rcx + 8)))) =  *( *((intOrPtr*)( *((intOrPtr*)(__r15 + 0x20)) + (_t139 -  *((intOrPtr*)(__r15 + 0x28))) * 8)) + _t131 * 2) & 0x0000ffff;
                                                                                                                                                                                                    				_t120 =  *((intOrPtr*)(__rdx + 0x38));
                                                                                                                                                                                                    				if (_t120 == 0) goto 0x27ffbddc;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) =  *((long long*)(__rdx + 0x30)) + 1;
                                                                                                                                                                                                    				if ( *(__rdx + 0x28) << 3 -  *((intOrPtr*)(__rdx + 0x30)) > 0) goto 0x27ffbdcb;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) = __r15;
                                                                                                                                                                                                    				_t36 = _t120 - 1; // -1
                                                                                                                                                                                                    				_t107 = _t36;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x38)) = _t107;
                                                                                                                                                                                                    				if (_t107 != 0) goto 0x27ffbddc;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) = __r15;
                                                                                                                                                                                                    				_t108 =  *__rcx;
                                                                                                                                                                                                    				if (_t108 == 0xfffffffc) goto 0x27ffbe16;
                                                                                                                                                                                                    				if (_t108 != 0) goto 0x27ffbdef;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t109 =  *__rcx;
                                                                                                                                                                                                    				if ( *((long long*)(_t109 + 0x20)) - 8 < 0) goto 0x27ffbdff;
                                                                                                                                                                                                    				goto 0x27ffbe03;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) - _t109 + 8 +  *(_t109 + 0x18) * 2 < 0) goto 0x27ffbe16;
                                                                                                                                                                                                    				_t62 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 2;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rdx + 0x38)) != __r15) goto 0x27ffbcb7;
                                                                                                                                                                                                    				return _t62;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    0x7ff727ffbde3
                                                                                                                                                                                                    0x7ff727ffbde8
                                                                                                                                                                                                    0x7ff727ffbdea
                                                                                                                                                                                                    0x7ff727ffbdef
                                                                                                                                                                                                    0x7ff727ffbdf7
                                                                                                                                                                                                    0x7ff727ffbdfd
                                                                                                                                                                                                    0x7ff727ffbe0f
                                                                                                                                                                                                    0x7ff727ffbe11
                                                                                                                                                                                                    0x7ff727ffbe16
                                                                                                                                                                                                    0x7ff727ffbe1f
                                                                                                                                                                                                    0x7ff727ffbe49

APIs
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 22a5dda9e8a811af525db2b3f1416110af8d8fcdbcad987767e050683361c72f
• Instruction ID: 860da585ab3c7b59e7f12de49f3d259828dc190dee2e380ab2e7f3ddf8bc58ec
• Opcode Fuzzy Hash: 22a5dda9e8a811af525db2b3f1416110af8d8fcdbcad987767e050683361c72f
• Instruction Fuzzy Hash: 81516026609F4581DA60AF26DA8012DE3A4FB45FA4B984632CF6D077E4CF3CE553C726
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                    			E00007FF77FF727FFA9F0(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rsi, intOrPtr* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                    				long long* _t102;
                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                    				intOrPtr* _t116;
                                                                                                                                                                                                    				signed short* _t120;
                                                                                                                                                                                                    				long long _t123;
                                                                                                                                                                                                    				intOrPtr _t124;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				intOrPtr _t138;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t126 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x10)) = _t123;
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t127 = _t126 - 0x40;
                                                                                                                                                                                                    				_t102 = _t127 + 0x20;
                                                                                                                                                                                                    				 *_t102 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t102 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t124 =  *((intOrPtr*)(_t127 + 0x20));
                                                                                                                                                                                                    				_t138 =  *((intOrPtr*)(_t127 + 0x28));
                                                                                                                                                                                                    				if (_t124 == 0xfffffffc) goto 0x27ffaa48;
                                                                                                                                                                                                    				if (_t124 == 0) goto 0x27ffaa43;
                                                                                                                                                                                                    				if (_t124 ==  *((intOrPtr*)(__r9))) goto 0x27ffaa48;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t138 ==  *((intOrPtr*)(__r9 + 8))) goto 0x27ffab89;
                                                                                                                                                                                                    				_t120 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if (_t120 ==  *((intOrPtr*)(__rcx + 8))) goto 0x27ffab89;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t99 =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				_t116 =  *((intOrPtr*)(_t127 + 0x38));
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0x27ffaa8c;
                                                                                                                                                                                                    				if (_t99 == 0) goto 0x27ffaa87;
                                                                                                                                                                                                    				if (_t99 ==  *((intOrPtr*)(__r9))) goto 0x27ffaa8c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t116 ==  *((intOrPtr*)(__r9 + 8))) goto 0x27ffab18;
                                                                                                                                                                                                    				if (_t120 ==  *((intOrPtr*)(__rcx + 8))) goto 0x27ffab18;
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0x27ffaad0;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0x27ffaaad;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t99 + 0x20)) - 8 < 0) goto 0x27ffaaba;
                                                                                                                                                                                                    				goto 0x27ffaabe;
                                                                                                                                                                                                    				if (_t116 - _t99 + 8 +  *(_t99 + 0x18) * 2 < 0) goto 0x27ffaad0;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *_t116 != ( *_t120 & 0x0000ffff)) goto 0x27ffab18;
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0x27ffab0b;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0x27ffaae8;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t99 + 0x20)) - 8 < 0) goto 0x27ffaaf5;
                                                                                                                                                                                                    				goto 0x27ffaaf9;
                                                                                                                                                                                                    				if (_t116 - _t99 + 8 +  *(_t99 + 0x18) * 2 < 0) goto 0x27ffab0b;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x27ffaa76;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x38)) = _t116 + 2;
                                                                                                                                                                                                    				if ( &(_t120[1]) ==  *((intOrPtr*)(__rcx + 8))) goto 0x27ffab64;
                                                                                                                                                                                                    				if (_t124 == 0xfffffffc) goto 0x27ffab56;
                                                                                                                                                                                                    				if (_t124 != 0) goto 0x27ffab33;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t124 + 0x20)) - 8 < 0) goto 0x27ffab40;
                                                                                                                                                                                                    				goto 0x27ffab44;
                                                                                                                                                                                                    				if (_t138 - _t124 + 8 +  *(_t124 + 0x18) * 2 < 0) goto 0x27ffab56;
                                                                                                                                                                                                    				_t58 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x28)) = _t138 + 2;
                                                                                                                                                                                                    				goto 0x27ffaa32;
                                                                                                                                                                                                    				_t112 = _t127 + 0x20;
                                                                                                                                                                                                    				 *__rdx =  *_t112;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(_t112 + 8));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x10)) =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				goto 0x27ffaba6;
                                                                                                                                                                                                    				 *__rdx =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x10)) =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x18)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				return _t58;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x7ff727ffaab2
                                                                                                                                                                                                    0x7ff727ffaab8
                                                                                                                                                                                                    0x7ff727ffaac9
                                                                                                                                                                                                    0x7ff727ffaacb
                                                                                                                                                                                                    0x7ff727ffaad6
                                                                                                                                                                                                    0x7ff727ffaadc
                                                                                                                                                                                                    0x7ff727ffaae1
                                                                                                                                                                                                    0x7ff727ffaae3
                                                                                                                                                                                                    0x7ff727ffaaed
                                                                                                                                                                                                    0x7ff727ffaaf3
                                                                                                                                                                                                    0x7ff727ffab04
                                                                                                                                                                                                    0x7ff727ffab06
                                                                                                                                                                                                    0x7ff727ffab13
                                                                                                                                                                                                    0x7ff727ffab18
                                                                                                                                                                                                    0x7ff727ffab21
                                                                                                                                                                                                    0x7ff727ffab27
                                                                                                                                                                                                    0x7ff727ffab2c
                                                                                                                                                                                                    0x7ff727ffab2e
                                                                                                                                                                                                    0x7ff727ffab38
                                                                                                                                                                                                    0x7ff727ffab3e
                                                                                                                                                                                                    0x7ff727ffab4f
                                                                                                                                                                                                    0x7ff727ffab51
                                                                                                                                                                                                    0x7ff727ffab5a
                                                                                                                                                                                                    0x7ff727ffab5f
                                                                                                                                                                                                    0x7ff727ffab64
                                                                                                                                                                                                    0x7ff727ffab6c
                                                                                                                                                                                                    0x7ff727ffab78
                                                                                                                                                                                                    0x7ff727ffab7f
                                                                                                                                                                                                    0x7ff727ffab87
                                                                                                                                                                                                    0x7ff727ffab8d
                                                                                                                                                                                                    0x7ff727ffab95
                                                                                                                                                                                                    0x7ff727ffab9d
                                                                                                                                                                                                    0x7ff727ffabb8
                                                                                                                                                                                                    0x7ff727ffabcc

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: c39085dac5a8c37aa111a4ee3f5df2e94acb3f7c8a7dde8f4e7502a9263f1198
                                                                                                                                                                                                    • Instruction ID: a9ac205786bae0328955b841661f8b356129864f0ee46353f81847646e941bf7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c39085dac5a8c37aa111a4ee3f5df2e94acb3f7c8a7dde8f4e7502a9263f1198
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7551A52260DF45C0DA60AF19EA44079F364FB567A4B854332DAAC033E4DF38E587CB69
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                    			E00007FF77FF727FF4D20(intOrPtr* __rcx, void* __rdx, char _a24) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                    				long long _t25;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a24 = r8b;
                                                                                                                                                                                                    				_t25 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t21 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				_a24 = 0;
                                                                                                                                                                                                    				if (_t25 - _t21 - __rdx >= 0) goto 0x27ff4d93;
                                                                                                                                                                                                    				if (_t21 - _t25 <= 0) goto 0x27ff4d55;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v32 = _t25;
                                                                                                                                                                                                    				_v40 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x20], xmm0");
                                                                                                                                                                                                    				return E00007FF77FF727FF53A0(__rcx, __rcx,  &_v40, _t25,  *((intOrPtr*)(__rcx + 0x18)) -  *((intOrPtr*)(__rcx + 0x20)) + __rdx,  &_a24);
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 1051cff0eb89c7fb68da50a8adb59ec4bf6f1c5a90234f486663dca69e2acc4d
                                                                                                                                                                                                    • Instruction ID: 3eba949e4fc76a5383f1de7c09835449d9141bdc573c7f26bbf4c8254aee4d89
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1051cff0eb89c7fb68da50a8adb59ec4bf6f1c5a90234f486663dca69e2acc4d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D41A762A0CA4185E760BF24D90017DF3A5FB45BC8F944132DE9C176C9DF2CE5538B66
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF77FF728014E0C(void* __ebx, signed int __ecx, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				signed long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                    				signed long long _t54;
                                                                                                                                                                                                    				signed long long _t55;
                                                                                                                                                                                                    				signed long long _t63;
                                                                                                                                                                                                    				signed long long _t65;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				signed long long _t78;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t74 = __r8;
                                                                                                                                                                                                    				_t70 = __rbp;
                                                                                                                                                                                                    				_t60 = __rcx;
                                                                                                                                                                                                    				_t30 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t76 = __rdx;
                                                                                                                                                                                                    				_t58 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0x28014e52;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28014f2b;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0x28014f01;
                                                                                                                                                                                                    				_t47 = _t30 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t47 >= 0) goto 0x28014f01;
                                                                                                                                                                                                    				_t78 = __ecx >> 5;
                                                                                                                                                                                                    				_t68 = __ecx * 0x58;
                                                                                                                                                                                                    				_t52 =  *((intOrPtr*)(0x280489e0 + _t78 * 8));
                                                                                                                                                                                                    				if (_t47 != 0) goto 0x28014eba;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t52);
                                                                                                                                                                                                    				 *_t52 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t52);
                                                                                                                                                                                                    				 *_t52 = 9;
                                                                                                                                                                                                    				_v56 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t52, __ecx, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28014f2b;
                                                                                                                                                                                                    				E00007FF77FF72801593C(_t30, _t30, _t58, _t63, _t68, _t75);
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(0x280489e0 + _t78 * 8));
                                                                                                                                                                                                    				if (( *(_t54 + _t68 + 8) & 0x00000001) == 0) goto 0x28014edf;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				E00007FF77FF728014D74(_t30, _t30, _t54, _t58, _t76);
                                                                                                                                                                                                    				goto 0x28014ef5;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t54);
                                                                                                                                                                                                    				 *_t54 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t54);
                                                                                                                                                                                                    				 *_t54 = 0;
                                                                                                                                                                                                    				_t65 = _t54 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				_t55 = _t65;
                                                                                                                                                                                                    				goto 0x28014f2b;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t55);
                                                                                                                                                                                                    				 *_t55 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t55);
                                                                                                                                                                                                    				 *_t55 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t55, _t58, _t60, _t76, _t68, _t70, _t74);
                                                                                                                                                                                                    			}


















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: fd70bf307f78bc1a0b30db4c381cd12ef6fe9862424e331efe26ad2a528cd58b
                                                                                                                                                                                                    • Instruction ID: c27392296b161bd9e8e0658161b69dbdd88fd5c2fb5b6122e7e1a34d75fed82b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd70bf307f78bc1a0b30db4c381cd12ef6fe9862424e331efe26ad2a528cd58b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131A231A18A4241E6317F21AC4163DF551EF807B4F95A736EA3D077D2DE3EA4418B38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                                                                    			E00007FF77FF728011650(void* __ebx, signed int __ecx, signed int __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, void* __r11, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t47;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				signed int* _t57;
                                                                                                                                                                                                    				signed int* _t58;
                                                                                                                                                                                                    				long long _t65;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    				signed long long _t79;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __r11;
                                                                                                                                                                                                    				_t74 = __r8;
                                                                                                                                                                                                    				_t70 = __rbp;
                                                                                                                                                                                                    				_t62 = __rcx;
                                                                                                                                                                                                    				_t34 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t77 = __rdx;
                                                                                                                                                                                                    				_t60 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0x28011695;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28011769;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0x28011740;
                                                                                                                                                                                                    				_t53 = _t34 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t53 >= 0) goto 0x28011740;
                                                                                                                                                                                                    				_t79 = __ecx >> 5;
                                                                                                                                                                                                    				_t68 = __ecx * 0x58;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0x280489e0 + _t79 * 8));
                                                                                                                                                                                                    				if (_t53 != 0) goto 0x280116fc;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t57);
                                                                                                                                                                                                    				 *_t57 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t57, __ecx, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28011769;
                                                                                                                                                                                                    				E00007FF77FF72801593C(_t34, _t34, _t60, _t65, _t68, _t76);
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(0x280489e0 + _t79 * 8));
                                                                                                                                                                                                    				if (( *(_t58 + _t68 + 8) & 0x00000001) == 0) goto 0x28011720;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t47 = E00007FF77FF728010EF0(_t34, _t34, __esi & 0x0000001f, _t58, _t60, _t62, _t77, _t74, _t75);
                                                                                                                                                                                                    				goto 0x28011735;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t58);
                                                                                                                                                                                                    				 *_t58 = _t47;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				goto 0x28011769;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t58);
                                                                                                                                                                                                    				 *_t58 = _t47 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t58, _t60, _t62, _t77, _t68, _t70, _t74) | 0xffffffff;
                                                                                                                                                                                                    			}


















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 3340a66846d07b0f9e714060594e045375b321804dd7a017f53166dadd991860
                                                                                                                                                                                                    • Instruction ID: 0b617173ae9fabe0ee0461eeef9d03f09d1723673a3c271e9d1daee8d0450710
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3340a66846d07b0f9e714060594e045375b321804dd7a017f53166dadd991860
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0231B232E1864245E3367F25AC4157DF651EF807A0F956637EA290BBD2DE3EA4018F38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF728011A0C(void* __ebx, signed int __ecx, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed int* _t56;
                                                                                                                                                                                                    				signed int* _t57;
                                                                                                                                                                                                    				long long _t63;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    				signed long long _t74;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t72 = __r8;
                                                                                                                                                                                                    				_t68 = __rbp;
                                                                                                                                                                                                    				_t62 = __rdx;
                                                                                                                                                                                                    				_t61 = __rcx;
                                                                                                                                                                                                    				_t33 = __ebx;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t59 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0x28011a47;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28011b10;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0x28011ae7;
                                                                                                                                                                                                    				_t52 = _t33 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0x28011ae7;
                                                                                                                                                                                                    				_t74 = __ecx >> 5;
                                                                                                                                                                                                    				_t66 = __ecx * 0x58;
                                                                                                                                                                                                    				_t56 =  *((intOrPtr*)(0x280489e0 + _t74 * 8));
                                                                                                                                                                                                    				if (_t52 != 0) goto 0x28011aaf;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t56);
                                                                                                                                                                                                    				 *_t56 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t56);
                                                                                                                                                                                                    				 *_t56 = 9;
                                                                                                                                                                                                    				_v40 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t56, __ecx, __rcx, __rdx, _t66, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28011b10;
                                                                                                                                                                                                    				E00007FF77FF72801593C(_t33, _t33, _t59, _t63, _t66, _t74);
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0x280489e0 + _t74 * 8));
                                                                                                                                                                                                    				if (( *(_t57 + _t66 + 8) & 0x00000001) == 0) goto 0x28011ace;
                                                                                                                                                                                                    				_t26 = E00007FF77FF728011950(_t33, 0, _t57, _t59);
                                                                                                                                                                                                    				goto 0x28011adc;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				goto 0x28011b10;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t57);
                                                                                                                                                                                                    				 *_t57 = _t26 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v40 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t57, _t59, _t61, _t62, _t66, _t68, _t72) | 0xffffffff;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 45ca130e8ce689a6ec9fb1e7b1bd1d1e802a5172bf7414796e69646001ebef35
                                                                                                                                                                                                    • Instruction ID: 70a4315536bee04febe12ce80ba212c3339c8647ea1a63c18a9737cf334d8280
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45ca130e8ce689a6ec9fb1e7b1bd1d1e802a5172bf7414796e69646001ebef35
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB318F32E1868241F3357F65AC4153DFA51EF80764FD96637EA29076C2DE3EA8018B39
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF77FF7280064C8(void* __eflags, long long __rbx, void* __rcx, long long __rdx, long long __rdi, long long __rsi, signed int** __r8) {
                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				void* _t123;
                                                                                                                                                                                                    				signed int _t129;
                                                                                                                                                                                                    				intOrPtr* _t140;
                                                                                                                                                                                                    				intOrPtr* _t141;
                                                                                                                                                                                                    				signed int* _t144;
                                                                                                                                                                                                    				signed int* _t145;
                                                                                                                                                                                                    				signed int* _t146;
                                                                                                                                                                                                    				signed int* _t149;
                                                                                                                                                                                                    				signed long long _t153;
                                                                                                                                                                                                    				long long _t161;
                                                                                                                                                                                                    				intOrPtr* _t163;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				intOrPtr _t169;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t175;
                                                                                                                                                                                                    				signed int** _t176;
                                                                                                                                                                                                    				void* _t178;
                                                                                                                                                                                                    				signed int* _t179;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __rsi;
                                                                                                                                                                                                    				_t140 = _t163;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x10)) = _t161;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t164 = _t163 - 0x50;
                                                                                                                                                                                                    				_t179 = __rdx;
                                                                                                                                                                                                    				_t153 = _t140 - 0x38;
                                                                                                                                                                                                    				r12d = r9d;
                                                                                                                                                                                                    				_t176 = __r8;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(_t140, _t153, __rcx);
                                                                                                                                                                                                    				if (__r8 == 0) goto 0x28006503;
                                                                                                                                                                                                    				 *((long long*)(__r8)) = __rdx;
                                                                                                                                                                                                    				if (__rdx != 0) goto 0x28006532;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t140);
                                                                                                                                                                                                    				 *(_t164 + 0x20) =  *(_t164 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t140 = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t140, __rbx, _t153, __rcx, __rsi, _t161, __r8, _t178, _t175);
                                                                                                                                                                                                    				goto 0x2800671b;
                                                                                                                                                                                                    				if (r12d == 0) goto 0x28006543;
                                                                                                                                                                                                    				if (r12d - 2 < 0) goto 0x28006508;
                                                                                                                                                                                                    				if (r12d - 0x24 > 0) goto 0x28006508;
                                                                                                                                                                                                    				bpl =  *_t179;
                                                                                                                                                                                                    				_t144 =  &(_t179[0]);
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x30)) + 0x10c)) - 1 <= 0) goto 0x28006575;
                                                                                                                                                                                                    				E00007FF77FF72800FA5C(bpl & 0xffffffff, 8, 0,  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x30)) + 0x10c)) - 1, _t140, _t159, _t161, _t164 + 0x30, _t171);
                                                                                                                                                                                                    				_t169 =  *((intOrPtr*)(_t164 + 0x30));
                                                                                                                                                                                                    				goto 0x28006587;
                                                                                                                                                                                                    				_t141 =  *((intOrPtr*)(_t169 + 0x140));
                                                                                                                                                                                                    				_t59 =  *(_t141 + _t153 * 2) & 8;
                                                                                                                                                                                                    				if (_t59 == 0) goto 0x28006593;
                                                                                                                                                                                                    				bpl =  *_t144;
                                                                                                                                                                                                    				_t145 =  &(_t144[0]);
                                                                                                                                                                                                    				goto 0x28006551;
                                                                                                                                                                                                    				if (bpl != 0x2d) goto 0x280065a5;
                                                                                                                                                                                                    				goto 0x280065ab;
                                                                                                                                                                                                    				if (bpl != 0x2b) goto 0x280065b1;
                                                                                                                                                                                                    				bpl =  *_t145;
                                                                                                                                                                                                    				_t146 =  &(_t145[0]);
                                                                                                                                                                                                    				if (r12d < 0) goto 0x2800670d;
                                                                                                                                                                                                    				if (r12d == 1) goto 0x2800670d;
                                                                                                                                                                                                    				if (r12d - 0x24 > 0) goto 0x2800670d;
                                                                                                                                                                                                    				if (r12d != 0) goto 0x280065fb;
                                                                                                                                                                                                    				if (bpl == 0x30) goto 0x280065e1;
                                                                                                                                                                                                    				r12d = 0xa;
                                                                                                                                                                                                    				goto 0x28006619;
                                                                                                                                                                                                    				if ( *_t146 == 0x78) goto 0x280065f3;
                                                                                                                                                                                                    				if ( *_t146 == 0x58) goto 0x280065f3;
                                                                                                                                                                                                    				r12d = 8;
                                                                                                                                                                                                    				goto 0x28006619;
                                                                                                                                                                                                    				r12d = 0x10;
                                                                                                                                                                                                    				goto 0x28006607;
                                                                                                                                                                                                    				if (r12d != 0x10) goto 0x28006619;
                                                                                                                                                                                                    				if (bpl != 0x30) goto 0x28006619;
                                                                                                                                                                                                    				if ( *_t146 == 0x78) goto 0x28006611;
                                                                                                                                                                                                    				if ( *_t146 != 0x58) goto 0x28006619;
                                                                                                                                                                                                    				bpl = _t146[0];
                                                                                                                                                                                                    				_t60 = _t59 | 0xffffffff;
                                                                                                                                                                                                    				r9d = _t60 / r12d;
                                                                                                                                                                                                    				r8d =  *( *((intOrPtr*)(_t169 + 0x140)) + _t153 * 2) & 0x0000ffff;
                                                                                                                                                                                                    				if ((r8b & 0x00000004) == 0) goto 0x28006643;
                                                                                                                                                                                                    				goto 0x2800665d;
                                                                                                                                                                                                    				if ((r8d & 0x00000103) == 0) goto 0x28006678;
                                                                                                                                                                                                    				if (_t161 - 0x61 - 0x19 > 0) goto 0x2800665a;
                                                                                                                                                                                                    				_t79 = bpl - 0x20 + 0xffffffc9;
                                                                                                                                                                                                    				if (_t79 - r12d >= 0) goto 0x28006678;
                                                                                                                                                                                                    				_t123 = 0 - r9d;
                                                                                                                                                                                                    				if (_t123 < 0) goto 0x2800668c;
                                                                                                                                                                                                    				if (_t123 != 0) goto 0x28006670;
                                                                                                                                                                                                    				if (_t79 - _t60 % r12d <= 0) goto 0x2800668c;
                                                                                                                                                                                                    				if (_t176 != 0) goto 0x28006692;
                                                                                                                                                                                                    				if ((sil & 0x00000008) != 0) goto 0x2800669a;
                                                                                                                                                                                                    				_t149 =  !=  ? _t179 :  &(_t146[0]) - 1;
                                                                                                                                                                                                    				goto 0x280066e5;
                                                                                                                                                                                                    				_t87 = 0 * r12d + _t79;
                                                                                                                                                                                                    				bpl =  *_t149;
                                                                                                                                                                                                    				goto 0x2800662b;
                                                                                                                                                                                                    				if ((sil & 0x00000004) != 0) goto 0x280066c2;
                                                                                                                                                                                                    				_t129 = sil & 0x00000001;
                                                                                                                                                                                                    				if (_t129 != 0) goto 0x280066e5;
                                                                                                                                                                                                    				if (_t129 == 0) goto 0x280066ba;
                                                                                                                                                                                                    				if (_t87 - 0x80000000 > 0) goto 0x280066c2;
                                                                                                                                                                                                    				if ((( *(_t164 + 0x90) | 0xe) & 0x00000002) != 0) goto 0x280066e5;
                                                                                                                                                                                                    				if (_t87 - 0x7fffffff <= 0) goto 0x280066e5;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t141);
                                                                                                                                                                                                    				 *_t141 = 0x22;
                                                                                                                                                                                                    				if ((sil & 0x00000001) == 0) goto 0x280066d8;
                                                                                                                                                                                                    				goto 0x280066e5;
                                                                                                                                                                                                    				asm("sbb edi, edi");
                                                                                                                                                                                                    				if (_t176 == 0) goto 0x280066ee;
                                                                                                                                                                                                    				 *_t176 =  &(_t149[0]);
                                                                                                                                                                                                    				if ((sil & 0x00000002) == 0) goto 0x280066f6;
                                                                                                                                                                                                    				if ( *((char*)(_t164 + 0x48)) == 0) goto 0x28006709;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x2800672b;
                                                                                                                                                                                                    				if (_t176 == 0) goto 0x28006716;
                                                                                                                                                                                                    				 *_t176 = _t179;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t164 + 0x48)) == dil) goto 0x28006729;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    0x7ff7280065f1
                                                                                                                                                                                                    0x7ff7280065f3
                                                                                                                                                                                                    0x7ff7280065f9
                                                                                                                                                                                                    0x7ff7280065ff
                                                                                                                                                                                                    0x7ff728006605
                                                                                                                                                                                                    0x7ff72800660a
                                                                                                                                                                                                    0x7ff72800660f
                                                                                                                                                                                                    0x7ff728006611
                                                                                                                                                                                                    0x7ff728006622
                                                                                                                                                                                                    0x7ff728006628
                                                                                                                                                                                                    0x7ff72800662f
                                                                                                                                                                                                    0x7ff728006638
                                                                                                                                                                                                    0x7ff728006641
                                                                                                                                                                                                    0x7ff72800664a
                                                                                                                                                                                                    0x7ff728006655
                                                                                                                                                                                                    0x7ff72800665a
                                                                                                                                                                                                    0x7ff728006660
                                                                                                                                                                                                    0x7ff728006665
                                                                                                                                                                                                    0x7ff728006668
                                                                                                                                                                                                    0x7ff72800666a
                                                                                                                                                                                                    0x7ff72800666e
                                                                                                                                                                                                    0x7ff728006676
                                                                                                                                                                                                    0x7ff72800667f
                                                                                                                                                                                                    0x7ff728006684
                                                                                                                                                                                                    0x7ff72800668a
                                                                                                                                                                                                    0x7ff728006690
                                                                                                                                                                                                    0x7ff728006692
                                                                                                                                                                                                    0x7ff728006698
                                                                                                                                                                                                    0x7ff7280066a3
                                                                                                                                                                                                    0x7ff7280066a5
                                                                                                                                                                                                    0x7ff7280066a9
                                                                                                                                                                                                    0x7ff7280066b0
                                                                                                                                                                                                    0x7ff7280066b8
                                                                                                                                                                                                    0x7ff7280066bc
                                                                                                                                                                                                    0x7ff7280066c0
                                                                                                                                                                                                    0x7ff7280066c2
                                                                                                                                                                                                    0x7ff7280066c7
                                                                                                                                                                                                    0x7ff7280066d1
                                                                                                                                                                                                    0x7ff7280066d6
                                                                                                                                                                                                    0x7ff7280066df
                                                                                                                                                                                                    0x7ff7280066e8
                                                                                                                                                                                                    0x7ff7280066ea
                                                                                                                                                                                                    0x7ff7280066f2
                                                                                                                                                                                                    0x7ff7280066fb
                                                                                                                                                                                                    0x7ff728006702
                                                                                                                                                                                                    0x7ff72800670b
                                                                                                                                                                                                    0x7ff728006710
                                                                                                                                                                                                    0x7ff728006712
                                                                                                                                                                                                    0x7ff72800671b
                                                                                                                                                                                                    0x7ff728006722
                                                                                                                                                                                                    0x7ff728006749

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_getptd
                                                                                                                                                                                                    • String ID: +$-$0$0
                                                                                                                                                                                                    • API String ID: 3432092939-699404926
                                                                                                                                                                                                    • Opcode ID: aad5d6a6d4a97e1526b7f6d55b50bd1c2d78e1ed061e41c5c93955d9012505b4
                                                                                                                                                                                                    • Instruction ID: 9d41407cce3dd48707f93644a5f1a2bd16c829b7e0a7dd90cc971a7542592c86
                                                                                                                                                                                                    • Opcode Fuzzy Hash: aad5d6a6d4a97e1526b7f6d55b50bd1c2d78e1ed061e41c5c93955d9012505b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D71E622D0C76280FBB567958C1537AE692EF41758F954237CABF022D7DE2EE4408B29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF728028B10(void* __ebx, void* __edi, void* __eflags, long long __rbx, signed int __rcx, void* __rdx, void* __r9) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				long long* _t145;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				void* _t158;
                                                                                                                                                                                                    				intOrPtr _t162;
                                                                                                                                                                                                    				intOrPtr _t163;
                                                                                                                                                                                                    				long long _t165;
                                                                                                                                                                                                    				void* _t183;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				void* _t188;
                                                                                                                                                                                                    				void* _t189;
                                                                                                                                                                                                    				long long _t190;
                                                                                                                                                                                                    				signed int _t191;
                                                                                                                                                                                                    				void* _t193;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				intOrPtr _t203;
                                                                                                                                                                                                    				long long _t205;
                                                                                                                                                                                                    				void* _t208;
                                                                                                                                                                                                    				long long _t209;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t139 = _t193;
                                                                                                                                                                                                    				_t194 = _t193 - 0xa0;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x30)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t139 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t139 + 0x18)) = _t190;
                                                                                                                                                                                                    				_t191 = __rcx;
                                                                                                                                                                                                    				if (__eflags != 0) goto 0x28028b4d;
                                                                                                                                                                                                    				goto 0x28028e5a;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0x28028b72;
                                                                                                                                                                                                    				goto 0x28028e5a;
                                                                                                                                                                                                    				_t145 =  *((intOrPtr*)(__rcx + 0x230)) -  *((intOrPtr*)(__rcx + 0x228));
                                                                                                                                                                                                    				_t116 = 0 % __rcx;
                                                                                                                                                                                                    				if (_t145 - 1 >= 0) goto 0x28028b95;
                                                                                                                                                                                                    				goto 0x28028e5a;
                                                                                                                                                                                                    				 *((char*)(_t194 + 0xd0)) = 0;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)(__rcx + 0x230)) -  *((intOrPtr*)(__rcx + 0x228));
                                                                                                                                                                                                    				E00007FF77FF7280045E0(_t145, __rcx);
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				if (_t145 == 0) goto 0x28028bc7;
                                                                                                                                                                                                    				 *_t145 = _t194 + 0x70;
                                                                                                                                                                                                    				goto 0x28028bca;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x70)) = _t209;
                                                                                                                                                                                                    				E00007FF77FF727FF4CA0(_t209, _t158, _t194 + 0x70, _t158, _t188, _t194 + 0xd0);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x90)) !=  *((intOrPtr*)(_t194 + 0x88))) goto 0x28028c07;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t191 + 0x230)) !=  *((intOrPtr*)(_t191 + 0x228))) goto 0x28028c1c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((intOrPtr*)(_t194 + 0x20)) = r14d;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				E00007FF77FF7280277F0(_t191 + 0x20,  *((intOrPtr*)(_t191 + 0x228)), _t188,  *((intOrPtr*)(_t194 + 0x88)));
                                                                                                                                                                                                    				_t150 =  *((intOrPtr*)(_t194 + 0x90)) -  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				_t183 = _t150 - 1;
                                                                                                                                                                                                    				if (_t183 - _t150 < 0) goto 0x28028c6b;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				r12d =  *(_t162 + _t183) & 0x000000ff;
                                                                                                                                                                                                    				if (r12b == 0) goto 0x28028d60;
                                                                                                                                                                                                    				if ((r12b & 0xffffffff) -  *((intOrPtr*)(_t191 + 0x2a4)) > 0) goto 0x28028d2a;
                                                                                                                                                                                                    				if (r12b - 1 < 0) goto 0x28028d2a;
                                                                                                                                                                                                    				r13d = r12b & 0xffffffff;
                                                                                                                                                                                                    				if (r12b == 0) goto 0x28028d60;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t152 =  *((intOrPtr*)(_t194 + 0x90)) - _t162;
                                                                                                                                                                                                    				_t189 = _t152 - 1;
                                                                                                                                                                                                    				if (_t189 - _t152 < 0) goto 0x28028cd4;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t203 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				_t163 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t163 + _t189)) != r12b) goto 0x28028cf4;
                                                                                                                                                                                                    				if (_t203 == _t163) goto 0x28028cea;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t203 - 1;
                                                                                                                                                                                                    				if (_t209 + 1 - _t208 < 0) goto 0x28028cb0;
                                                                                                                                                                                                    				goto 0x28028d60;
                                                                                                                                                                                                    				if (_t163 == 0) goto 0x28028d01;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t152, _t163, _t163,  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t152, _t163,  *((intOrPtr*)(_t194 + 0x70)),  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				goto 0x28028e5a;
                                                                                                                                                                                                    				if (_t163 == 0) goto 0x28028d37;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t152, _t163, _t163,  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t152, _t163,  *((intOrPtr*)(_t194 + 0x70)),  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				goto 0x28028e5a;
                                                                                                                                                                                                    				_t186 =  *((intOrPtr*)(_t191 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t191 + 0x258)) - _t186 <= 0) goto 0x28028d85;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t205 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x60)) =  *((intOrPtr*)(_t191 + 0x240));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x68)) = _t186;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) - _t205 <= 0) goto 0x28028db3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t165 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t205;
                                                                                                                                                                                                    				if (_t165 -  *((intOrPtr*)(_t194 + 0x90)) <= 0) goto 0x28028dd1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x50)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x58)) = _t165;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF9750(_t116, _t165, _t191 + 0x240, _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) == 0) goto 0x28028e36;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *((intOrPtr*)(_t194 + 0x70)), _t165,  *((intOrPtr*)(_t194 + 0x88)), _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF77FF7280044D8( *((intOrPtr*)(_t194 + 0x70)), _t165,  *((intOrPtr*)(_t194 + 0x70)), _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    0x7ff728028e04
                                                                                                                                                                                                    0x7ff728028e1e
                                                                                                                                                                                                    0x7ff728028e2f
                                                                                                                                                                                                    0x7ff728028e31
                                                                                                                                                                                                    0x7ff728028e36
                                                                                                                                                                                                    0x7ff728028e3e
                                                                                                                                                                                                    0x7ff728028e46
                                                                                                                                                                                                    0x7ff728028e53
                                                                                                                                                                                                    0x7ff728028e75

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fb120ec78b6aca7237791ca1e518357a6acf2baba424791a472cd37449a4be2c
                                                                                                                                                                                                    • Instruction ID: ba0b25b7c5febd741175c1acca1cf65e3325da2f9eaf38c579e59955df49f07b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb120ec78b6aca7237791ca1e518357a6acf2baba424791a472cd37449a4be2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE91AF26608BC586DA70AF25EC403EEE3A0FB85784F944132DB9C17B99CF7DD4458B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF77FF7280050E0(void* __edi, intOrPtr __esi, void* __ebp, long long __rbx, short* __rcx, signed char* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				signed long long _t93;
                                                                                                                                                                                                    				intOrPtr* _t97;
                                                                                                                                                                                                    				intOrPtr* _t98;
                                                                                                                                                                                                    				short* _t101;
                                                                                                                                                                                                    				long long _t102;
                                                                                                                                                                                                    				long long _t113;
                                                                                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                                                                                    				void* _t119;
                                                                                                                                                                                                    				long long _t121;
                                                                                                                                                                                                    				signed char* _t122;
                                                                                                                                                                                                    				signed long long _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				void* _t134;
                                                                                                                                                                                                    				int _t136;
                                                                                                                                                                                                    				signed char* _t137;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				long long _t141;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t93 = _t126;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x10)) = _t121;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t127 = _t126 - 0x50;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t119 = __r8;
                                                                                                                                                                                                    				_t137 = __rdx;
                                                                                                                                                                                                    				_t101 = __rcx;
                                                                                                                                                                                                    				_t113 = _t141;
                                                                                                                                                                                                    				if (__rcx == _t141) goto 0x28005123;
                                                                                                                                                                                                    				_t72 = __r8 - _t141;
                                                                                                                                                                                                    				if (_t72 != 0) goto 0x2800511d;
                                                                                                                                                                                                    				goto 0x280052c9;
                                                                                                                                                                                                    				if (_t72 <= 0) goto 0x28005123;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx)) = r14w;
                                                                                                                                                                                                    				if (__rdx != _t141) goto 0x28005150;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t93);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t141;
                                                                                                                                                                                                    				 *_t93 = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t93, __rcx, __rcx, __rdx, __r8, _t121, __r8, _t141, _t139);
                                                                                                                                                                                                    				goto 0x280052c9;
                                                                                                                                                                                                    				E00007FF77FF728004E5C(_t93 | 0xffffffff, _t127 + 0x30, __r9);
                                                                                                                                                                                                    				if (_t101 == _t141) goto 0x2800526c;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x30)) + 0x14)) != r14d) goto 0x280051c0;
                                                                                                                                                                                                    				if (_t119 - _t141 <= 0) goto 0x28005190;
                                                                                                                                                                                                    				 *_t101 =  *(_t113 + _t137) & 0x000000ff;
                                                                                                                                                                                                    				if ( *(_t113 + _t137) == r14b) goto 0x280051a5;
                                                                                                                                                                                                    				_t114 = _t113 + 1;
                                                                                                                                                                                                    				_t102 = _t101 + 2;
                                                                                                                                                                                                    				if (_t114 - _t119 < 0) goto 0x28005176;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0x280051b8;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0x280051b8;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0x280051b8;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				_t97 = _t114;
                                                                                                                                                                                                    				goto 0x280052c9;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = __esi;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t102;
                                                                                                                                                                                                    				MultiByteToWideChar(_t136, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t97 != _t141) goto 0x280052b3;
                                                                                                                                                                                                    				if (GetLastError() == 0x7a) goto 0x28005206;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t97);
                                                                                                                                                                                                    				 *_t97 = 0x2a;
                                                                                                                                                                                                    				 *_t102 = r14w;
                                                                                                                                                                                                    				goto 0x28005190;
                                                                                                                                                                                                    				r13d = __esi;
                                                                                                                                                                                                    				_t122 = _t137;
                                                                                                                                                                                                    				if (__esi == r14d) goto 0x2800523e;
                                                                                                                                                                                                    				r13d = r13d - 1;
                                                                                                                                                                                                    				if ( *_t122 == r14b) goto 0x2800523e;
                                                                                                                                                                                                    				if (E00007FF77FF72800F9CC( *_t122 & 0x000000ff,  *_t122 - r14b, _t97, _t134) == r14d) goto 0x28005236;
                                                                                                                                                                                                    				if (_t122[1] == r14b) goto 0x280051f5;
                                                                                                                                                                                                    				goto 0x2800520f;
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				r9d = __ebp - r12d;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = __esi;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t102;
                                                                                                                                                                                                    				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t98 != _t141) goto 0x280052b6;
                                                                                                                                                                                                    				goto 0x280051f5;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t98 + 0x14)) != r14d) goto 0x2800527c;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t98, _t137);
                                                                                                                                                                                                    				goto 0x280052b6;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = r14d;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t141;
                                                                                                                                                                                                    				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t98 != _t141) goto 0x280052b3;
                                                                                                                                                                                                    				_t57 = E00007FF77FF7280078AC(_t98);
                                                                                                                                                                                                    				 *_t98 = 0x2a;
                                                                                                                                                                                                    				goto 0x28005190;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0x280052c9;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return _t57;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2918714741-0
                                                                                                                                                                                                    • Opcode ID: 7d651b8da09034c2c0d35e20cf68fc683c853b3f3c94acc4a5abf00da545e554
                                                                                                                                                                                                    • Instruction ID: 9cef24ea25be8e5ebd798c0f3e1f1cf6190a61b7f9157f06f6d5bdac93ad29da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d651b8da09034c2c0d35e20cf68fc683c853b3f3c94acc4a5abf00da545e554
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F51B131A0968286E770AB14AD4047DFBA4FF45BA4F944232DA7D237D4CF3EE4408B18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF72801228C(signed int __ebx, signed int __ecx, void* __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rbp, void* __r8, signed int _a8, long long _a24) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                    				intOrPtr* _t58;
                                                                                                                                                                                                    				signed long long _t61;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t73 = __r8;
                                                                                                                                                                                                    				_t69 = __rbp;
                                                                                                                                                                                                    				_t65 = __rdx;
                                                                                                                                                                                                    				_t48 = __edi;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t66 = __ecx;
                                                                                                                                                                                                    				if (__edi != 0xfffffffe) goto 0x280122b8;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28012391;
                                                                                                                                                                                                    				if (__ecx < 0) goto 0x2801236e;
                                                                                                                                                                                                    				_t51 = _t48 -  *0x280489c0; // 0x20
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0x2801236e;
                                                                                                                                                                                                    				_t68 = __ecx >> 5;
                                                                                                                                                                                                    				_t34 = __ebx & 0x0000001f;
                                                                                                                                                                                                    				_t61 = __ecx * 0x58;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0x280489e0 + _t68 * 8));
                                                                                                                                                                                                    				if (_t51 != 0) goto 0x28012317;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t57, _t61, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x28012391;
                                                                                                                                                                                                    				E00007FF77FF72801593C(_t34, __edi, _t61, _t66, _t68, 0x280489e0);
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(0x280489e0 + _t68 * 8));
                                                                                                                                                                                                    				if (( *(_t58 + _t61 + 8) & 0x00000001) == 0) goto 0x28012355;
                                                                                                                                                                                                    				E00007FF77FF7280158B8(_t48, 0, _t58, _t61, _t68, _t69, _t73);
                                                                                                                                                                                                    				if (FlushFileBuffers(??) != 0) goto 0x28012348;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0x2801234a;
                                                                                                                                                                                                    				if (0 == 0) goto 0x28012363;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t58);
                                                                                                                                                                                                    				 *_t58 = 0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				E00007FF77FF7280159E4();
                                                                                                                                                                                                    				goto 0x28012391;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t58, _t61, _t58, _t65, _t68, _t69, _t73) | 0xffffffff;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2918714741-0
                                                                                                                                                                                                    • Opcode ID: 940a07213795119bc703be0b840b2cf50cf32eea5432c9220b670cdf8d9e1718
                                                                                                                                                                                                    • Instruction ID: 3021ee68a4fe177b2dbce2424fe93d45ae5cc700e36c2e2bddacbd41fc13a0b1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 940a07213795119bc703be0b840b2cf50cf32eea5432c9220b670cdf8d9e1718
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C331AF21E1864285F731BB259C4277DE651EF84764F98523AEA290A2D2DF7EA4008E3D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF77FF72800964D(void* __rax, intOrPtr _a32, intOrPtr _a56, intOrPtr _a64, intOrPtr _a72, intOrPtr _a80, intOrPtr* _a96, intOrPtr _a208, intOrPtr* _a216, long long _a224, long long _a232) {
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				intOrPtr* _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t53 = __rax;
                                                                                                                                                                                                    				_a32 = 1;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t37, _t44, __rax);
                                                                                                                                                                                                    				 *(_t53 + 0x2c0) =  *(_t53 + 0x2c0) & 0x00000000;
                                                                                                                                                                                                    				if (_a208 == 0) goto 0x28009699;
                                                                                                                                                                                                    				E00007FF77FF7280093E4(1, _a216);
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_a64 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				goto 0x280096b4;
                                                                                                                                                                                                    				_t68 = _a216;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t68 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _a32;
                                                                                                                                                                                                    				E00007FF77FF72800771C(_t53, _a72, _a80);
                                                                                                                                                                                                    				if (r14d != 0) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *_t68 != 0xe06d7363) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x18)) != 4) goto 0x2800971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) == 0x19930520) goto 0x28009706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) == 0x19930521) goto 0x28009706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) != 0x19930522) goto 0x2800971d;
                                                                                                                                                                                                    				if (E00007FF77FF7280076E8(_t53,  *((intOrPtr*)(_t68 + 0x28))) == 0) goto 0x2800971d;
                                                                                                                                                                                                    				E00007FF77FF7280093E4(1, _t68);
                                                                                                                                                                                                    				E00007FF77FF72800B93C( *_t68, E00007FF77FF7280076E8(_t53,  *((intOrPtr*)(_t68 + 0x28))), _t53);
                                                                                                                                                                                                    				 *((long long*)(_t53 + 0xf0)) = _a224;
                                                                                                                                                                                                    				_t36 = E00007FF77FF72800B93C( *_t68, E00007FF77FF7280076E8(_t53,  *((intOrPtr*)(_t68 + 0x28))), _t53);
                                                                                                                                                                                                    				 *((long long*)(_t53 + 0xf8)) = _a232;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_a56 + 0x1c)) +  *_a96)) = 0xfffffffe;
                                                                                                                                                                                                    				return _t36;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$ExceptionRaise
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 2255768072-1018135373
                                                                                                                                                                                                    • Opcode ID: b9f1586c76201837a7cedb49760973dd62f8e83127a431f82f18a74b45bd6239
                                                                                                                                                                                                    • Instruction ID: 518afae399cfc6f75d216980dfd5520514ef498eb378bedcfc1a6c61d5a088bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9f1586c76201837a7cedb49760973dd62f8e83127a431f82f18a74b45bd6239
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A310F36A0864283E670AF55E840669F360FB54B51F804137DAAE137D5CF3EE8468F24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                                                    			E00007FF77FF72800FE78(void* __ecx, void* __edx, void* __ebp, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* __r13;
                                                                                                                                                                                                    				long long _t39;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				signed long long _t52;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t54 = __rsi;
                                                                                                                                                                                                    				_t44 = __rcx;
                                                                                                                                                                                                    				_t39 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rsi;
                                                                                                                                                                                                    				_a24 = __rdi;
                                                                                                                                                                                                    				_t41 = __ecx;
                                                                                                                                                                                                    				if ( *0x28043b90 != 0) goto 0x2800feb6;
                                                                                                                                                                                                    				E00007FF77FF72800BF50();
                                                                                                                                                                                                    				_t4 = _t54 + 0x1d; // 0x1e
                                                                                                                                                                                                    				E00007FF77FF72800BD28(_t4, _t41, __rdi, __rsi, __rbp, __r9, _t62);
                                                                                                                                                                                                    				E00007FF77FF7280055B4();
                                                                                                                                                                                                    				_t52 = _t41 + _t41;
                                                                                                                                                                                                    				if ( *((long long*)(0x280410f0 + _t52 * 8)) == 0) goto 0x2800fecf;
                                                                                                                                                                                                    				goto 0x2800ff4a;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t39, _t41, _t44, __rsi, __rbp);
                                                                                                                                                                                                    				if (_t39 != 0) goto 0x2800fef0;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t39);
                                                                                                                                                                                                    				 *_t39 = 0xc;
                                                                                                                                                                                                    				goto 0x2800ff4a;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				if ( *((long long*)(0x280410f0 + _t52 * 8)) != 0) goto 0x2800ff32;
                                                                                                                                                                                                    				if (E00007FF77FF728010438() != 0) goto 0x2800ff2b;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t39);
                                                                                                                                                                                                    				 *_t39 = 0xc;
                                                                                                                                                                                                    				goto 0x2800ff3b;
                                                                                                                                                                                                    				 *((long long*)(0x280410f0 + _t52 * 8)) = _t39;
                                                                                                                                                                                                    				goto 0x2800ff3b;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				LeaveCriticalSection(??);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$CriticalExitFileLeaveModuleNameProcessSectionSleep_lockfreemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1024173049-0
                                                                                                                                                                                                    • Opcode ID: ac058671c3edeb939d153bb6fb2abfec8c3f6b002bac18dcab764f1b054be2dd
                                                                                                                                                                                                    • Instruction ID: 3d90b9b655f7a01d40d14a5c22cf9ef20555cd7e25b4ac328818bce24959c080
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac058671c3edeb939d153bb6fb2abfec8c3f6b002bac18dcab764f1b054be2dd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B217F21E5968282F670BB11AC5437AE255EF85780F845037EA5E47BC2CF3EE4419F38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF77FF727FFCEF0(void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				intOrPtr _t110;
                                                                                                                                                                                                    				intOrPtr _t111;
                                                                                                                                                                                                    				signed long long _t113;
                                                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                                                    				intOrPtr* _t120;
                                                                                                                                                                                                    				intOrPtr _t122;
                                                                                                                                                                                                    				intOrPtr _t123;
                                                                                                                                                                                                    				long long _t126;
                                                                                                                                                                                                    				long long* _t129;
                                                                                                                                                                                                    				long long* _t130;
                                                                                                                                                                                                    				signed long long _t144;
                                                                                                                                                                                                    				signed long long _t148;
                                                                                                                                                                                                    				signed long long _t150;
                                                                                                                                                                                                    				intOrPtr* _t153;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				intOrPtr* _t159;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				signed long long _t166;
                                                                                                                                                                                                    				void* _t168;
                                                                                                                                                                                                    				intOrPtr* _t169;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r8;
                                                                                                                                                                                                    				_t155 = __rbp;
                                                                                                                                                                                                    				_t162 = _t156;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t169 = __r8;
                                                                                                                                                                                                    				_t153 = __rdx;
                                                                                                                                                                                                    				_t126 = __rcx;
                                                                                                                                                                                                    				_t129 = _t162 - 0x38;
                                                                                                                                                                                                    				 *_t129 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t130 = _t162 - 0x50;
                                                                                                                                                                                                    				 *_t130 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t130 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t105 =  *((intOrPtr*)(_t162 - 0x50));
                                                                                                                                                                                                    				if (_t105 == 0xfffffffc) goto 0x27ffcf5c;
                                                                                                                                                                                                    				if (_t105 == 0) goto 0x27ffcf57;
                                                                                                                                                                                                    				if (_t105 ==  *((intOrPtr*)(_t162 - 0x38))) goto 0x27ffcf5c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t144 = _v72 - _v48 >> 1;
                                                                                                                                                                                                    				_t148 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t148 - _t144 > 0) goto 0x27ffcfa6;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t144) goto 0x27ffcfa6;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF77FF727FF24C0(__rcx, __rcx, _t144, __rdx, __rbp, _t164, _t171, _t168) == 0) goto 0x27ffcfa6;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t148;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0x27ffcf98;
                                                                                                                                                                                                    				goto 0x27ffcf9c;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t126 + 8 + _t148 * 2)) = r13w;
                                                                                                                                                                                                    				goto 0x27ffcfa9;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_t108 =  *_t153;
                                                                                                                                                                                                    				if (_t108 == 0xfffffffc) goto 0x27ffcfcb;
                                                                                                                                                                                                    				if (_t108 == 0) goto 0x27ffcfc6;
                                                                                                                                                                                                    				if (_t108 ==  *_t169) goto 0x27ffcfcb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) ==  *((intOrPtr*)(_t169 + 8))) goto 0x27ffd0f4;
                                                                                                                                                                                                    				_t110 =  *_t153;
                                                                                                                                                                                                    				if (_t110 == 0xfffffffc) goto 0x27ffd013;
                                                                                                                                                                                                    				if (_t110 != 0) goto 0x27ffcfec;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t111 =  *_t153;
                                                                                                                                                                                                    				if ( *((long long*)(_t111 + 0x20)) - 8 < 0) goto 0x27ffcffc;
                                                                                                                                                                                                    				goto 0x27ffd000;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) - _t111 + 8 +  *(_t111 + 0x18) * 2 < 0) goto 0x27ffd013;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t113 =  *((intOrPtr*)(_t153 + 8));
                                                                                                                                                                                                    				r12d =  *_t113 & 0x0000ffff;
                                                                                                                                                                                                    				if ((_t113 | 0xffffffff) -  *(_t126 + 0x18) - 1 > 0) goto 0x27ffd02e;
                                                                                                                                                                                                    				E00007FF77FF7280033CC((_t113 | 0xffffffff) -  *(_t126 + 0x18), _t126, _t148, _t155, _t159, _t161);
                                                                                                                                                                                                    				_t150 =  *(_t126 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t150 - 0xfffffffe <= 0) goto 0x27ffd03f;
                                                                                                                                                                                                    				_t68 = E00007FF77FF7280033CC((_t113 | 0xffffffff) -  *(_t126 + 0x18), _t126, _t150, _t155, _t159, _t161);
                                                                                                                                                                                                    				_t116 =  *((intOrPtr*)(_t126 + 0x20));
                                                                                                                                                                                                    				if (_t116 - _t150 >= 0) goto 0x27ffd059;
                                                                                                                                                                                                    				E00007FF77FF727FF26D0(_t68, _t126, _t150,  *(_t126 + 0x18), _t166, _t164);
                                                                                                                                                                                                    				goto 0x27ffd078;
                                                                                                                                                                                                    				if (_t150 != 0) goto 0x27ffd078;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t166;
                                                                                                                                                                                                    				if (_t116 - 8 < 0) goto 0x27ffd06e;
                                                                                                                                                                                                    				goto 0x27ffd072;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t126 + 8)) = r13w;
                                                                                                                                                                                                    				goto 0x27ffd0b0;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0x27ffd0b0;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0x27ffd091;
                                                                                                                                                                                                    				goto 0x27ffd098;
                                                                                                                                                                                                    				_t120 = _t126 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t120 +  *(_t126 + 0x18) * 2)) = r12w;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t150;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0x27ffd0ab;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t120 + _t150 * 2)) = r13w;
                                                                                                                                                                                                    				_t122 =  *_t153;
                                                                                                                                                                                                    				if (_t122 == 0xfffffffc) goto 0x27ffd0ea;
                                                                                                                                                                                                    				if (_t122 != 0) goto 0x27ffd0c3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t123 =  *_t153;
                                                                                                                                                                                                    				if ( *((long long*)(_t123 + 0x20)) - 8 < 0) goto 0x27ffd0d3;
                                                                                                                                                                                                    				goto 0x27ffd0d7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) - _t123 + 8 +  *(_t123 + 0x18) * 2 < 0) goto 0x27ffd0ea;
                                                                                                                                                                                                    				_t71 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t153 + 8)) =  *((long long*)(_t153 + 8)) + 2;
                                                                                                                                                                                                    				goto 0x27ffcfb3;
                                                                                                                                                                                                    				return _t71;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff727ffcfe0
                                                                                                                                                                                                    0x7ff727ffcfe5
                                                                                                                                                                                                    0x7ff727ffcfe7
                                                                                                                                                                                                    0x7ff727ffcfec
                                                                                                                                                                                                    0x7ff727ffcff4
                                                                                                                                                                                                    0x7ff727ffcffa
                                                                                                                                                                                                    0x7ff727ffd00c
                                                                                                                                                                                                    0x7ff727ffd00e
                                                                                                                                                                                                    0x7ff727ffd013
                                                                                                                                                                                                    0x7ff727ffd017
                                                                                                                                                                                                    0x7ff727ffd027
                                                                                                                                                                                                    0x7ff727ffd029
                                                                                                                                                                                                    0x7ff727ffd032
                                                                                                                                                                                                    0x7ff727ffd038
                                                                                                                                                                                                    0x7ff727ffd03a
                                                                                                                                                                                                    0x7ff727ffd03f
                                                                                                                                                                                                    0x7ff727ffd046
                                                                                                                                                                                                    0x7ff727ffd052
                                                                                                                                                                                                    0x7ff727ffd057
                                                                                                                                                                                                    0x7ff727ffd05c
                                                                                                                                                                                                    0x7ff727ffd05e
                                                                                                                                                                                                    0x7ff727ffd066
                                                                                                                                                                                                    0x7ff727ffd06c
                                                                                                                                                                                                    0x7ff727ffd072
                                                                                                                                                                                                    0x7ff727ffd076
                                                                                                                                                                                                    0x7ff727ffd07b
                                                                                                                                                                                                    0x7ff727ffd086
                                                                                                                                                                                                    0x7ff727ffd08f
                                                                                                                                                                                                    0x7ff727ffd091
                                                                                                                                                                                                    0x7ff727ffd098
                                                                                                                                                                                                    0x7ff727ffd09d
                                                                                                                                                                                                    0x7ff727ffd0a6
                                                                                                                                                                                                    0x7ff727ffd0ab
                                                                                                                                                                                                    0x7ff727ffd0b0
                                                                                                                                                                                                    0x7ff727ffd0b7
                                                                                                                                                                                                    0x7ff727ffd0bc
                                                                                                                                                                                                    0x7ff727ffd0be
                                                                                                                                                                                                    0x7ff727ffd0c3
                                                                                                                                                                                                    0x7ff727ffd0cb
                                                                                                                                                                                                    0x7ff727ffd0d1
                                                                                                                                                                                                    0x7ff727ffd0e3
                                                                                                                                                                                                    0x7ff727ffd0e5
                                                                                                                                                                                                    0x7ff727ffd0ea
                                                                                                                                                                                                    0x7ff727ffd0ef
                                                                                                                                                                                                    0x7ff727ffd10d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 7f6f2e91ed5572e42ace02233fa957f2e227a56f2aac9c965945f59fe9a565ff
                                                                                                                                                                                                    • Instruction ID: 400edbc6689545190dad1bc483d6b5f52244ab83bb19993cd712160045fe5933
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f6f2e91ed5572e42ace02233fa957f2e227a56f2aac9c965945f59fe9a565ff
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09618F3360DA5180EB24AF16DA5402CE365FB46BA4B954332CA7D073E4DF39E943C765
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                                                                    			E00007FF77FF727FF3030(void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t91;
                                                                                                                                                                                                    				intOrPtr _t94;
                                                                                                                                                                                                    				signed long long _t101;
                                                                                                                                                                                                    				intOrPtr _t104;
                                                                                                                                                                                                    				intOrPtr* _t108;
                                                                                                                                                                                                    				long long _t116;
                                                                                                                                                                                                    				long long* _t119;
                                                                                                                                                                                                    				long long* _t120;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				intOrPtr* _t131;
                                                                                                                                                                                                    				signed long long _t134;
                                                                                                                                                                                                    				signed long long _t136;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				intOrPtr* _t142;
                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				signed long long _t147;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                                                                                    				void* _t154;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r8;
                                                                                                                                                                                                    				_t138 = __rbp;
                                                                                                                                                                                                    				_t145 = _t139;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t152 = __r8;
                                                                                                                                                                                                    				_t131 = __rdx;
                                                                                                                                                                                                    				_t116 = __rcx;
                                                                                                                                                                                                    				_t119 = _t145 - 0x48;
                                                                                                                                                                                                    				 *_t119 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t119 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t120 = _t145 - 0x38;
                                                                                                                                                                                                    				 *_t120 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t120 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t91 =  *((intOrPtr*)(_t145 - 0x48));
                                                                                                                                                                                                    				if (_t91 == 0) goto 0x27ff3091;
                                                                                                                                                                                                    				if (_t91 ==  *((intOrPtr*)(_t145 - 0x38))) goto 0x27ff3096;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t127 = _v64 - _v48;
                                                                                                                                                                                                    				_t134 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t134 - _t127 > 0) goto 0x27ff30dd;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t127) goto 0x27ff30dd;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF77FF727FF24C0(__rcx, __rcx, _t127, _t134, __rbp, _t147, _t154, _t151) == 0) goto 0x27ff30dd;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t134;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0x27ff30cf;
                                                                                                                                                                                                    				goto 0x27ff30d3;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t116 + 8 + _t134 * 2)) = r12w;
                                                                                                                                                                                                    				goto 0x27ff30e0;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t94 =  *_t131;
                                                                                                                                                                                                    				if (_t94 == 0) goto 0x27ff30fd;
                                                                                                                                                                                                    				if (_t94 ==  *_t152) goto 0x27ff3102;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) ==  *((intOrPtr*)(_t152 + 8))) goto 0x27ff320e;
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0x27ff312a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0x27ff312a;
                                                                                                                                                                                                    				goto 0x27ff312d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) -  *((intOrPtr*)( *_t147 + 0x20)) < 0) goto 0x27ff313c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t101 =  *((intOrPtr*)(_t131 + 8));
                                                                                                                                                                                                    				r13d =  *_t101 & 0x000000ff;
                                                                                                                                                                                                    				if ((_t101 | 0xffffffff) -  *(_t116 + 0x18) - 1 > 0) goto 0x27ff3157;
                                                                                                                                                                                                    				E00007FF77FF7280033CC((_t101 | 0xffffffff) -  *(_t116 + 0x18), _t116, _t131, _t138, _t142, _t144);
                                                                                                                                                                                                    				_t136 =  *(_t116 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t136 - 0xfffffffe <= 0) goto 0x27ff3168;
                                                                                                                                                                                                    				_t58 = E00007FF77FF7280033CC((_t101 | 0xffffffff) -  *(_t116 + 0x18), _t116, _t131, _t138, _t142, _t144);
                                                                                                                                                                                                    				_t104 =  *((intOrPtr*)(_t116 + 0x20));
                                                                                                                                                                                                    				if (_t104 - _t136 >= 0) goto 0x27ff3182;
                                                                                                                                                                                                    				E00007FF77FF727FF26D0(_t58, _t116, _t136,  *(_t116 + 0x18), _t149, _t147);
                                                                                                                                                                                                    				goto 0x27ff31a1;
                                                                                                                                                                                                    				if (_t136 != 0) goto 0x27ff31a1;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t147;
                                                                                                                                                                                                    				if (_t104 - 8 < 0) goto 0x27ff3197;
                                                                                                                                                                                                    				goto 0x27ff319b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t116 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0x27ff31d9;
                                                                                                                                                                                                    				if (_t136 == 0) goto 0x27ff31d9;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0x27ff31ba;
                                                                                                                                                                                                    				goto 0x27ff31c1;
                                                                                                                                                                                                    				_t108 = _t116 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t108 +  *(_t116 + 0x18) * 2)) = r13w;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t136;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0x27ff31d4;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t108 + _t136 * 2)) = r12w;
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0x27ff31f3;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0x27ff31f3;
                                                                                                                                                                                                    				goto 0x27ff31f6;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) -  *((intOrPtr*)( *_t147 + 0x20)) < 0) goto 0x27ff3205;
                                                                                                                                                                                                    				_t61 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t131 + 8)) =  *((long long*)(_t131 + 8)) + 1;
                                                                                                                                                                                                    				goto 0x27ff30f0;
                                                                                                                                                                                                    				return _t61;
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 06a8641fa43e2610765a8969c89ceab00d32e648021870bd44166826c331591f
                                                                                                                                                                                                    • Instruction ID: ba1be8bf738387d4ce40c1c2cc34f34501bc7db5b037da4791bcf91985a4c1cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a8641fa43e2610765a8969c89ceab00d32e648021870bd44166826c331591f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59513922A0DB4580EA14AF15D94402CA3A4FF06BA8B958636CE6D077E4DF3CE993C765
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF77FF72800F7AC(void* __ecx, void* __edx, void* __ebp, void* __esp, void* __eflags, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r10, void* __r11, long long __r12, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				void* _t69;
                                                                                                                                                                                                    				signed int _t78;
                                                                                                                                                                                                    				long long _t89;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				long long _t93;
                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                    				long long _t102;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    				long long _t112;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				void* _t124;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t118 = __r11;
                                                                                                                                                                                                    				_t95 = __rcx;
                                                                                                                                                                                                    				_t64 = __edx;
                                                                                                                                                                                                    				_t58 = __ecx;
                                                                                                                                                                                                    				_t89 = _t112;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x10)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x18)) = __rdi;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x20)) = __r12;
                                                                                                                                                                                                    				_t69 = __ecx;
                                                                                                                                                                                                    				r13d = r13d | 0xffffffff;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t89);
                                                                                                                                                                                                    				_t109 = _t89;
                                                                                                                                                                                                    				E00007FF77FF72800F3E8(_t58, __eflags, _t89, __rbx, _t124);
                                                                                                                                                                                                    				_t46 = E00007FF77FF72800F4A4(_t69, __eflags, _t89);
                                                                                                                                                                                                    				r12d = _t46;
                                                                                                                                                                                                    				if (_t46 ==  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xb8)) + 4))) goto 0x2800f981;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t89,  *((intOrPtr*)(_t109 + 0xb8)), _t95, _t109, __rbp);
                                                                                                                                                                                                    				_t93 = _t89;
                                                                                                                                                                                                    				if (_t89 == __rdi) goto 0x2800f986;
                                                                                                                                                                                                    				r8d = 0x220;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0x220, _t89 - __rdi, _t89,  *((intOrPtr*)(_t109 + 0xb8)), __r8);
                                                                                                                                                                                                    				 *_t93 = 0;
                                                                                                                                                                                                    				_t49 = E00007FF77FF72800F534(r12d, _t64, __esp, _t89 - __rdi, _t93, _t93, __r8, __r10, _t118);
                                                                                                                                                                                                    				r13d = _t49;
                                                                                                                                                                                                    				_t78 = _t49;
                                                                                                                                                                                                    				if (_t78 != 0) goto 0x2800f95b;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t78 != 0) goto 0x2800f85e;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0xb8)) == 0x28040bb0) goto 0x2800f865;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x2800f865;
                                                                                                                                                                                                    				 *((long long*)(_t109 + 0xb8)) = _t93;
                                                                                                                                                                                                    				asm("lock add dword [ebx], 0x1");
                                                                                                                                                                                                    				if (( *(_t109 + 0xc8) & 0x00000002) != 0) goto 0x2800f986;
                                                                                                                                                                                                    				if (( *0x28040a10 & 0x00000001) != 0) goto 0x2800f986;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				 *0x28043bd4 =  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                    				 *0x28043bd8 =  *((intOrPtr*)(_t93 + 8));
                                                                                                                                                                                                    				 *0x28043bdc =  *((intOrPtr*)(_t93 + 0xc));
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 5 >= 0) goto 0x2800f8db;
                                                                                                                                                                                                    				 *0x7FF728043BC8 =  *(_t93 + 0x10) & 0x0000ffff;
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0x2800f8bd;
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 0x101 >= 0) goto 0x2800f900;
                                                                                                                                                                                                    				 *0x7FF728040DD0 =  *((intOrPtr*)(0 + _t93 + 0x1c));
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0x2800f8e1;
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 0x100 >= 0) goto 0x2800f926;
                                                                                                                                                                                                    				_t55 =  *((intOrPtr*)(0 + _t93 + 0x11d));
                                                                                                                                                                                                    				 *0x7FF728040EE0 = _t55;
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0x2800f904;
                                                                                                                                                                                                    				_t90 =  *0x28040fe0; // 0x1036d30
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				if (0 != 0x100) goto 0x2800f944;
                                                                                                                                                                                                    				_t102 =  *0x28040fe0; // 0x1036d30
                                                                                                                                                                                                    				if (_t102 == 0x28040bb0) goto 0x2800f944;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *0x28040fe0 = _t93;
                                                                                                                                                                                                    				asm("lock add dword [ebx], 0x1");
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				goto 0x2800f986;
                                                                                                                                                                                                    				if (_t55 != 0xffffffff) goto 0x2800f986;
                                                                                                                                                                                                    				if (_t93 == 0x28040bb0) goto 0x2800f974;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t90);
                                                                                                                                                                                                    				 *_t90 = 0x16;
                                                                                                                                                                                                    				goto 0x2800f986;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				return r13d;
                                                                                                                                                                                                    			}



















                                                                                                                                                                                                    0x7ff72800f931
                                                                                                                                                                                                    0x7ff72800f933
                                                                                                                                                                                                    0x7ff72800f93d
                                                                                                                                                                                                    0x7ff72800f93f
                                                                                                                                                                                                    0x7ff72800f944
                                                                                                                                                                                                    0x7ff72800f94b
                                                                                                                                                                                                    0x7ff72800f954
                                                                                                                                                                                                    0x7ff72800f959
                                                                                                                                                                                                    0x7ff72800f95e
                                                                                                                                                                                                    0x7ff72800f96a
                                                                                                                                                                                                    0x7ff72800f96f
                                                                                                                                                                                                    0x7ff72800f974
                                                                                                                                                                                                    0x7ff72800f979
                                                                                                                                                                                                    0x7ff72800f97f
                                                                                                                                                                                                    0x7ff72800f983
                                                                                                                                                                                                    0x7ff72800f9a3

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2878544890-0
                                                                                                                                                                                                    • Opcode ID: dbefac1bd4e860cba46ec646c9f1af48dc9b2591202d1de2f3d620e5c24df54c
                                                                                                                                                                                                    • Instruction ID: d39a9b40346d2069caf7ac44946d6eed58f0af07dd22d2e0447a05ad0131dcfb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbefac1bd4e860cba46ec646c9f1af48dc9b2591202d1de2f3d620e5c24df54c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C551D43190968286E370EB619C00279F6A1FF84794F984137DAAD47BD5CF3EE4429F28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF728029FC0(void* __edx, long long __rbx, void* __rcx, long long __rsi) {
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                    				long long _t63;
                                                                                                                                                                                                    				long long _t72;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				long long* _t78;
                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                    				long long _t87;
                                                                                                                                                                                                    				void* _t90;
                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t90 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x10)) = _t87;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t91 = _t90 - 0x50;
                                                                                                                                                                                                    				_t42 = __edx;
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x60)) + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t60 + 0x29)) != 0) goto 0x28029ffe;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t60 + 0x18)) - __edx >= 0) goto 0x28029ff2;
                                                                                                                                                                                                    				_t61 =  *((intOrPtr*)(_t60 + 0x10));
                                                                                                                                                                                                    				goto 0x28029ff8;
                                                                                                                                                                                                    				_t72 = _t61;
                                                                                                                                                                                                    				if ( *((char*)( *_t61 + 0x29)) == 0) goto 0x28029fe7;
                                                                                                                                                                                                    				_t63 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x28)) = _t72;
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x20)) = _t63;
                                                                                                                                                                                                    				if (_t63 == 0) goto 0x2802a01a;
                                                                                                                                                                                                    				if (_t63 == _t63) goto 0x2802a01f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t72 ==  *((intOrPtr*)(__rcx + 0x60))) goto 0x2802a030;
                                                                                                                                                                                                    				if (_t42 -  *((intOrPtr*)(_t72 + 0x18)) < 0) goto 0x2802a030;
                                                                                                                                                                                                    				goto 0x2802a047;
                                                                                                                                                                                                    				_t77 = _t91 + 0x30;
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x38)) =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x30)) =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				_t78 = _t91 + 0x40;
                                                                                                                                                                                                    				 *_t78 =  *_t77;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 8)) =  *((intOrPtr*)(_t77 + 8));
                                                                                                                                                                                                    				_t80 =  *((intOrPtr*)(_t91 + 0x40));
                                                                                                                                                                                                    				if (_t80 == 0) goto 0x2802a06e;
                                                                                                                                                                                                    				if (_t80 ==  *((intOrPtr*)(__rcx + 0x30))) goto 0x2802a073;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(_t91 + 0x48));
                                                                                                                                                                                                    				if (_t73 ==  *((intOrPtr*)(__rcx + 0x60))) goto 0x2802a0c3;
                                                                                                                                                                                                    				if (_t80 != 0) goto 0x2802a08e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x2802a091;
                                                                                                                                                                                                    				if (_t73 !=  *((intOrPtr*)( *_t80 + 0x30))) goto 0x2802a09c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t73 + 0x20)) == 0xffffffff) goto 0x2802a0c3;
                                                                                                                                                                                                    				if (_t80 != 0) goto 0x2802a0af;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x2802a0b2;
                                                                                                                                                                                                    				if (_t73 !=  *((intOrPtr*)( *_t80 + 0x30))) goto 0x2802a0bd;
                                                                                                                                                                                                    				_t40 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x2802a0c7;
                                                                                                                                                                                                    				return _t40;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    0x7ff72802a0b6
                                                                                                                                                                                                    0x7ff72802a0b8
                                                                                                                                                                                                    0x7ff72802a0c1
                                                                                                                                                                                                    0x7ff72802a0db

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: b1dad616f5987b4a8820b29c662f81acca57bbf043e1374bbabc96fa387b78c7
                                                                                                                                                                                                    • Instruction ID: 72a36a2ea287c70c4ff55f4aa5eb753cfd17e421398d61cef4a43ea9080ea1bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1dad616f5987b4a8820b29c662f81acca57bbf043e1374bbabc96fa387b78c7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3314432A09B4182EAB1AB16DC8016CF361FB44BA4F944233DA5C077D9DF6DE851CB68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide__initconout
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2210154019-0
                                                                                                                                                                                                    • Opcode ID: b6307e78168ad8cfc449806c29395060a627c9e19e62e9274fd19f5beea39485
                                                                                                                                                                                                    • Instruction ID: 2cbb69d9ed070d16212bf220a57f99d6648d77b88b0c1519dd5f97918204d00e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6307e78168ad8cfc449806c29395060a627c9e19e62e9274fd19f5beea39485
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0631E731A18A4682E770AB10EC8436AE270FB85775FA41336E56D0A5D4EF7ED544CF28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871,?,?,?,00007FF728004219), ref: 00007FF72800B8C2
                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871,?,?,?,00007FF728004219), ref: 00007FF72800B8D0
                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871,?,?,?,00007FF728004219), ref: 00007FF72800B928
                                                                                                                                                                                                      • Part of subcall function 00007FF72800A5E0: Sleep.KERNEL32(?,?,?,00007FF72800B8EB,?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871), ref: 00007FF72800A625
                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7280078B5,?,?,?,?,00007FF728004871,?,?,?,00007FF728004219), ref: 00007FF72800B8FC
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF72800B91F
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FF72800B910
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3106088686-0
                                                                                                                                                                                                    • Opcode ID: 47fe6f310744996d0618dde16060a0968cc8db3ffcff5d940b5b223bec7bd5a3
                                                                                                                                                                                                    • Instruction ID: a4f076c20f7a23939860e8ee773a9330bcc3cf326647aab2510dd89f0a30d3f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47fe6f310744996d0618dde16060a0968cc8db3ffcff5d940b5b223bec7bd5a3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52017534E0A74342EA64BB65DD94438E291EF88760F888636C93D063D5EE3DE4458F38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: 864e03c431a6d3e9e346be6ff6aff8a7b4752ac3b6a64fe7f5e624e93be13a61
                                                                                                                                                                                                    • Instruction ID: e59fe1f4e4ea3e6864e35b1bd4c8ef01959a277cc561936362793c01436ab5b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 864e03c431a6d3e9e346be6ff6aff8a7b4752ac3b6a64fe7f5e624e93be13a61
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D01E813E4984286EEB1FB91DC91438E724EF80B54FCA1433D91E535D29E2EF8809A3D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                                                    			E00007FF77FF728009204(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				intOrPtr* _t16;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t16 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if ( *_t16 == 0xe0434f4d) goto 0x2800922d;
                                                                                                                                                                                                    				_t13 =  *_t16 - 0xe06d7363;
                                                                                                                                                                                                    				if ( *_t16 != 0xe06d7363) goto 0x28009246;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t11,  *_t16 - 0xe06d7363, _t16);
                                                                                                                                                                                                    				 *(_t16 + 0x100) =  *(_t16 + 0x100) & 0x00000000;
                                                                                                                                                                                                    				E00007FF77FF728010124( *_t16 - 0xe06d7363, _t16);
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t11, _t13, _t16);
                                                                                                                                                                                                    				if ( *(_t16 + 0x100) <= 0) goto 0x28009246;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t11,  *(_t16 + 0x100), _t16);
                                                                                                                                                                                                    				 *(_t16 + 0x100) =  *(_t16 + 0x100) - 1;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}






                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: MOC$csm
                                                                                                                                                                                                    • API String ID: 3186804695-1389381023
                                                                                                                                                                                                    • Opcode ID: 00ecfaa5011b527fe4e670c7211831b1227f345612b3d7dc83072e452741e803
                                                                                                                                                                                                    • Instruction ID: 9a8a260ed449fe3782b1f70d2fbc515c860dde9733559d7be8abea0ada502072
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00ecfaa5011b527fe4e670c7211831b1227f345612b3d7dc83072e452741e803
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFE01235D05142C6E6253B518C463FCF5F0EF69B16FD68072C158523C2DF7E59808E65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF77FF72801348C(void* __ebp, signed int __rbx, long long __rcx, signed int __rdi, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				signed int _t88;
                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                    				signed int _t90;
                                                                                                                                                                                                    				signed int _t91;
                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                    				signed int _t93;
                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                    				signed int _t95;
                                                                                                                                                                                                    				signed int _t96;
                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                    				signed int _t100;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                    				char _t105;
                                                                                                                                                                                                    				char _t106;
                                                                                                                                                                                                    				char _t107;
                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                    				signed int _t112;
                                                                                                                                                                                                    				signed int _t113;
                                                                                                                                                                                                    				signed int _t114;
                                                                                                                                                                                                    				signed int _t115;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				signed int _t117;
                                                                                                                                                                                                    				signed int _t118;
                                                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                                                    				signed int _t120;
                                                                                                                                                                                                    				signed int _t121;
                                                                                                                                                                                                    				signed int _t122;
                                                                                                                                                                                                    				signed int _t142;
                                                                                                                                                                                                    				signed int* _t149;
                                                                                                                                                                                                    				signed int* _t157;
                                                                                                                                                                                                    				signed int* _t159;
                                                                                                                                                                                                    				signed int _t176;
                                                                                                                                                                                                    				char* _t213;
                                                                                                                                                                                                    				char* _t214;
                                                                                                                                                                                                    				signed int _t216;
                                                                                                                                                                                                    				long long _t219;
                                                                                                                                                                                                    				signed int _t221;
                                                                                                                                                                                                    				signed int* _t223;
                                                                                                                                                                                                    				signed int* _t225;
                                                                                                                                                                                                    				void* _t226;
                                                                                                                                                                                                    				char* _t229;
                                                                                                                                                                                                    				void* _t232;
                                                                                                                                                                                                    				void* _t233;
                                                                                                                                                                                                    				signed int* _t234;
                                                                                                                                                                                                    				void* _t236;
                                                                                                                                                                                                    				signed int* _t237;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				intOrPtr* _t240;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t232 = __r9;
                                                                                                                                                                                                    				_t228 = __r8;
                                                                                                                                                                                                    				_t216 = __rdi;
                                                                                                                                                                                                    				_t176 = __rbx;
                                                                                                                                                                                                    				_t159 = _t225;
                                                                                                                                                                                                    				_t159[2] = __rbx;
                                                                                                                                                                                                    				_t159[4] = _t221;
                                                                                                                                                                                                    				_t159[6] = __rsi;
                                                                                                                                                                                                    				_t159[8] = __rdi;
                                                                                                                                                                                                    				_t226 = _t225 - 0x40;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t219 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t159 - 0x28)) = __rcx;
                                                                                                                                                                                                    				 *(_t159 - 0x20) =  *(_t159 - 0x20) & _t233;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != r12d) goto 0x280134d2;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x1c)) != r12d) goto 0x280134d2;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				goto 0x280137db;
                                                                                                                                                                                                    				_t10 = _t216 - 0x57; // 0x1
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(__rbx, __rcx, __rdi, __rdi, __rcx, 0x280401a0, _t239, _t236);
                                                                                                                                                                                                    				_t223 = _t159;
                                                                                                                                                                                                    				if (_t159 != 0) goto 0x280134f4;
                                                                                                                                                                                                    				goto 0x2801382c;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t159, _t176, _t176, _t219, _t223);
                                                                                                                                                                                                    				_t237 = _t159;
                                                                                                                                                                                                    				if (_t159 != 0) goto 0x28013513;
                                                                                                                                                                                                    				free(_t233);
                                                                                                                                                                                                    				goto 0x280134ea;
                                                                                                                                                                                                    				 *_t159 =  *_t159 & r12d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t219 + 0x18)) == r12d) goto 0x28013788;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t159, _t176, _t176, _t219, _t223);
                                                                                                                                                                                                    				_t234 = _t159;
                                                                                                                                                                                                    				_t149 = _t159;
                                                                                                                                                                                                    				if (_t149 != 0) goto 0x2801353d;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x2801350c;
                                                                                                                                                                                                    				 *_t159 =  *_t159 & 0x00000000;
                                                                                                                                                                                                    				_t142 =  *(_t219 + 0x38) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0x15;
                                                                                                                                                                                                    				_t13 =  &(_t223[6]); // 0x18
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t13;
                                                                                                                                                                                                    				_t88 = E00007FF77FF72800FB68(4, __r9 - 0x14, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				_t17 =  &(_t223[8]); // 0x20
                                                                                                                                                                                                    				r9d = 0x14;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t17;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t111 = _t88;
                                                                                                                                                                                                    				_t89 = E00007FF77FF72800FB68(_t111, _t232 - 0x13, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				_t21 =  &(_t223[0xa]); // 0x28
                                                                                                                                                                                                    				r9d = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t21;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t112 = _t111 | _t89;
                                                                                                                                                                                                    				_t90 = E00007FF77FF72800FB68(_t112, _t232 - 0x15, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x17;
                                                                                                                                                                                                    				_t113 = _t112 | _t90;
                                                                                                                                                                                                    				_t26 =  &(_t223[0xc]); // 0x30
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t26;
                                                                                                                                                                                                    				_t91 = E00007FF77FF72800FB68(_t113, _t232 - 0x16, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x18;
                                                                                                                                                                                                    				_t29 =  &(_t223[0xe]); // 0x38
                                                                                                                                                                                                    				_t240 = _t29;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t114 = _t113 | _t91;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t240;
                                                                                                                                                                                                    				_t92 = E00007FF77FF72800FB68(_t114, _t232 - 0x17, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x50;
                                                                                                                                                                                                    				_t115 = _t114 | _t92;
                                                                                                                                                                                                    				_t33 =  &(_t223[0x10]); // 0x40
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t33;
                                                                                                                                                                                                    				_t93 = E00007FF77FF72800FB68(_t115, _t232 - 0x4f, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x51;
                                                                                                                                                                                                    				_t116 = _t115 | _t93;
                                                                                                                                                                                                    				_t37 =  &(_t223[0x12]); // 0x48
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t37;
                                                                                                                                                                                                    				_t94 = E00007FF77FF72800FB68(_t116, _t232 - 0x50, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x1a;
                                                                                                                                                                                                    				_t117 = _t116 | _t94;
                                                                                                                                                                                                    				_t42 =  &(_t223[0x14]); // 0x50
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t42;
                                                                                                                                                                                                    				_t95 = E00007FF77FF72800FB68(_t117, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x19;
                                                                                                                                                                                                    				_t118 = _t117 | _t95;
                                                                                                                                                                                                    				_t45 =  &(_t223[0x14]); // 0x51
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t45;
                                                                                                                                                                                                    				_t96 = E00007FF77FF72800FB68(_t118, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x54;
                                                                                                                                                                                                    				_t119 = _t118 | _t96;
                                                                                                                                                                                                    				_t48 =  &(_t223[0x14]); // 0x52
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t48;
                                                                                                                                                                                                    				_t120 = _t119 | E00007FF77FF72800FB68(_t119, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				_t50 =  &(_t223[0x14]); // 0x53
                                                                                                                                                                                                    				r9d = 0x55;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t50;
                                                                                                                                                                                                    				_t121 = _t120 | E00007FF77FF72800FB68(_t120, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				_t54 =  &(_t223[0x15]); // 0x54
                                                                                                                                                                                                    				r9d = 0x56;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t54;
                                                                                                                                                                                                    				_t99 = E00007FF77FF72800FB68(_t121, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x57;
                                                                                                                                                                                                    				_t122 = _t121 | _t99;
                                                                                                                                                                                                    				_t57 =  &(_t223[0x15]); // 0x55
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t57;
                                                                                                                                                                                                    				_t100 = E00007FF77FF72800FB68(_t122, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x52;
                                                                                                                                                                                                    				_t60 =  &(_t223[0x15]); // 0x56
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t60;
                                                                                                                                                                                                    				_t101 = E00007FF77FF72800FB68(_t122 | _t100, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x53;
                                                                                                                                                                                                    				_t63 =  &(_t223[0x15]); // 0x57
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t63;
                                                                                                                                                                                                    				_t102 = E00007FF77FF72800FB68(_t122 | _t100 | _t101, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				if (_t149 == 0) goto 0x28013754;
                                                                                                                                                                                                    				E00007FF77FF7280133F4(_t102 | _t122 | _t100 | _t101, _t223);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0x2801350c;
                                                                                                                                                                                                    				_t213 =  *_t240;
                                                                                                                                                                                                    				goto 0x2801376a;
                                                                                                                                                                                                    				_t105 =  *_t213;
                                                                                                                                                                                                    				if (_t105 - 0x30 < 0) goto 0x28013771;
                                                                                                                                                                                                    				if (_t105 - 0x39 > 0) goto 0x28013771;
                                                                                                                                                                                                    				_t106 = _t105 - 0x30;
                                                                                                                                                                                                    				 *_t213 = _t106;
                                                                                                                                                                                                    				_t214 = _t213 + 1;
                                                                                                                                                                                                    				if ( *_t214 != 0) goto 0x28013759;
                                                                                                                                                                                                    				goto 0x2801379a;
                                                                                                                                                                                                    				if (_t106 != 0x3b) goto 0x28013767;
                                                                                                                                                                                                    				_t229 = _t214;
                                                                                                                                                                                                    				_t107 =  *((intOrPtr*)(_t229 + 1));
                                                                                                                                                                                                    				 *_t229 = _t107;
                                                                                                                                                                                                    				if (_t107 != 0) goto 0x28013778;
                                                                                                                                                                                                    				goto 0x2801376a;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(_t10, _t107, _t223, 0x280401a0, _t216);
                                                                                                                                                                                                    				 *_t223 =  *( *(_t219 + 0x128));
                                                                                                                                                                                                    				_t223[2] = ( *(_t219 + 0x128))[2];
                                                                                                                                                                                                    				_t223[4] = ( *(_t219 + 0x128))[4];
                                                                                                                                                                                                    				 *_t237 = 1;
                                                                                                                                                                                                    				if (_t234 == 0) goto 0x280137db;
                                                                                                                                                                                                    				 *_t234 = 1;
                                                                                                                                                                                                    				if ( *(_t219 + 0x120) == 0) goto 0x280137eb;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				_t157 =  *(_t219 + 0x110);
                                                                                                                                                                                                    				if (_t157 == 0) goto 0x28013815;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t157 != 0) goto 0x28013815;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t219 + 0x120) = _t234;
                                                                                                                                                                                                    				 *(_t219 + 0x110) = _t237;
                                                                                                                                                                                                    				 *(_t219 + 0x128) = _t223;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}




















































                                                                                                                                                                                                    0x7ff72801358a
                                                                                                                                                                                                    0x7ff728013590
                                                                                                                                                                                                    0x7ff72801359e
                                                                                                                                                                                                    0x7ff7280135a1
                                                                                                                                                                                                    0x7ff7280135a3
                                                                                                                                                                                                    0x7ff7280135a8
                                                                                                                                                                                                    0x7ff7280135b3
                                                                                                                                                                                                    0x7ff7280135b5
                                                                                                                                                                                                    0x7ff7280135bd
                                                                                                                                                                                                    0x7ff7280135c0
                                                                                                                                                                                                    0x7ff7280135c5
                                                                                                                                                                                                    0x7ff7280135ca
                                                                                                                                                                                                    0x7ff7280135d0
                                                                                                                                                                                                    0x7ff7280135d0
                                                                                                                                                                                                    0x7ff7280135dd
                                                                                                                                                                                                    0x7ff7280135e0
                                                                                                                                                                                                    0x7ff7280135e2
                                                                                                                                                                                                    0x7ff7280135e7
                                                                                                                                                                                                    0x7ff7280135ec
                                                                                                                                                                                                    0x7ff7280135f2
                                                                                                                                                                                                    0x7ff7280135f4
                                                                                                                                                                                                    0x7ff728013601
                                                                                                                                                                                                    0x7ff728013604
                                                                                                                                                                                                    0x7ff728013609
                                                                                                                                                                                                    0x7ff72801360e
                                                                                                                                                                                                    0x7ff728013614
                                                                                                                                                                                                    0x7ff728013616
                                                                                                                                                                                                    0x7ff728013623
                                                                                                                                                                                                    0x7ff728013626
                                                                                                                                                                                                    0x7ff72801362b
                                                                                                                                                                                                    0x7ff728013635
                                                                                                                                                                                                    0x7ff72801363b
                                                                                                                                                                                                    0x7ff72801363d
                                                                                                                                                                                                    0x7ff728013641
                                                                                                                                                                                                    0x7ff728013646
                                                                                                                                                                                                    0x7ff72801364b
                                                                                                                                                                                                    0x7ff728013655
                                                                                                                                                                                                    0x7ff72801365b
                                                                                                                                                                                                    0x7ff72801365d
                                                                                                                                                                                                    0x7ff728013661
                                                                                                                                                                                                    0x7ff728013666
                                                                                                                                                                                                    0x7ff72801366b
                                                                                                                                                                                                    0x7ff728013675
                                                                                                                                                                                                    0x7ff72801367b
                                                                                                                                                                                                    0x7ff72801367d
                                                                                                                                                                                                    0x7ff728013681
                                                                                                                                                                                                    0x7ff728013686
                                                                                                                                                                                                    0x7ff728013690
                                                                                                                                                                                                    0x7ff728013692
                                                                                                                                                                                                    0x7ff72801369b
                                                                                                                                                                                                    0x7ff7280136a1
                                                                                                                                                                                                    0x7ff7280136a6
                                                                                                                                                                                                    0x7ff7280136b5
                                                                                                                                                                                                    0x7ff7280136b7
                                                                                                                                                                                                    0x7ff7280136bb
                                                                                                                                                                                                    0x7ff7280136c1
                                                                                                                                                                                                    0x7ff7280136c6
                                                                                                                                                                                                    0x7ff7280136cb
                                                                                                                                                                                                    0x7ff7280136d5
                                                                                                                                                                                                    0x7ff7280136db
                                                                                                                                                                                                    0x7ff7280136dd
                                                                                                                                                                                                    0x7ff7280136e1
                                                                                                                                                                                                    0x7ff7280136e6
                                                                                                                                                                                                    0x7ff7280136eb
                                                                                                                                                                                                    0x7ff7280136f5
                                                                                                                                                                                                    0x7ff7280136fd
                                                                                                                                                                                                    0x7ff728013701
                                                                                                                                                                                                    0x7ff728013706
                                                                                                                                                                                                    0x7ff72801370b
                                                                                                                                                                                                    0x7ff728013715
                                                                                                                                                                                                    0x7ff72801371d
                                                                                                                                                                                                    0x7ff728013721
                                                                                                                                                                                                    0x7ff728013726
                                                                                                                                                                                                    0x7ff72801372b
                                                                                                                                                                                                    0x7ff728013732
                                                                                                                                                                                                    0x7ff728013737
                                                                                                                                                                                                    0x7ff72801373f
                                                                                                                                                                                                    0x7ff728013747
                                                                                                                                                                                                    0x7ff72801374f
                                                                                                                                                                                                    0x7ff728013754
                                                                                                                                                                                                    0x7ff728013757
                                                                                                                                                                                                    0x7ff728013759
                                                                                                                                                                                                    0x7ff72801375d
                                                                                                                                                                                                    0x7ff728013761
                                                                                                                                                                                                    0x7ff728013763
                                                                                                                                                                                                    0x7ff728013765
                                                                                                                                                                                                    0x7ff728013767
                                                                                                                                                                                                    0x7ff72801376d
                                                                                                                                                                                                    0x7ff72801376f
                                                                                                                                                                                                    0x7ff728013773
                                                                                                                                                                                                    0x7ff728013775
                                                                                                                                                                                                    0x7ff728013778
                                                                                                                                                                                                    0x7ff72801377c
                                                                                                                                                                                                    0x7ff728013784
                                                                                                                                                                                                    0x7ff728013786
                                                                                                                                                                                                    0x7ff728013795
                                                                                                                                                                                                    0x7ff7280137a4
                                                                                                                                                                                                    0x7ff7280137b3
                                                                                                                                                                                                    0x7ff7280137c2
                                                                                                                                                                                                    0x7ff7280137c6
                                                                                                                                                                                                    0x7ff7280137d1
                                                                                                                                                                                                    0x7ff7280137d3
                                                                                                                                                                                                    0x7ff7280137e5
                                                                                                                                                                                                    0x7ff7280137e7
                                                                                                                                                                                                    0x7ff7280137f2
                                                                                                                                                                                                    0x7ff7280137f5
                                                                                                                                                                                                    0x7ff7280137f7
                                                                                                                                                                                                    0x7ff7280137fb
                                                                                                                                                                                                    0x7ff728013804
                                                                                                                                                                                                    0x7ff728013810
                                                                                                                                                                                                    0x7ff728013815
                                                                                                                                                                                                    0x7ff72801381c
                                                                                                                                                                                                    0x7ff728013823
                                                                                                                                                                                                    0x7ff72801384a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: 6dfd3ff1200bf06653a9c526eabe73c63303c5f0231cfc1aad9142993ce12b02
                                                                                                                                                                                                    • Instruction ID: 9c89daf0cad96789beb4bdddeae1b7bddf98699f25b17350a069022ec40e665b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6dfd3ff1200bf06653a9c526eabe73c63303c5f0231cfc1aad9142993ce12b02
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45B16132B09B8285EB30EB62E8505A9F7A0FB85754F845132EA9D43BC5EF3DD105CB58
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                    			E00007FF77FF72802A560(void* __ebx, void* __ecx, void* __edi, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long __r8, void* __r9, char _a8, char _a32) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				long long _v48;
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				void* _t92;
                                                                                                                                                                                                    				long long* _t93;
                                                                                                                                                                                                    				long long _t100;
                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                    				intOrPtr _t120;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				long long _t150;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t92 = _t140;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t92 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t92 + 0x18)) = __rbp;
                                                                                                                                                                                                    				_t100 = __r8;
                                                                                                                                                                                                    				_t138 = __rdx;
                                                                                                                                                                                                    				_t135 = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t92 + 0x20)) = r12d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x28)) == r12b) goto 0x2802a6fe;
                                                                                                                                                                                                    				_t136 = __rcx + 0x70;
                                                                                                                                                                                                    				_t124 = __rcx + 0x70;
                                                                                                                                                                                                    				E00007FF77FF7280278E0(__ebx, __edi, __r8, __rcx + 0x90, __rcx + 0x70, __rcx, _t136);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF4D20(_t136 + 0x210, _t136);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF4D20(_t136 + 0x240, _t124);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t100 + 0x18)) == _t150) goto 0x2802a5f7;
                                                                                                                                                                                                    				_t93 =  *((intOrPtr*)(_t100 + 0x18));
                                                                                                                                                                                                    				if ( *((long long*)(_t100 + 0x20)) - 8 < 0) goto 0x2802a5df;
                                                                                                                                                                                                    				goto 0x2802a5e3;
                                                                                                                                                                                                    				r8d = _t93 + _t93;
                                                                                                                                                                                                    				_t84 = E00007FF77FF728029680(__ebx, 0, _t136, _t100 + 8);
                                                                                                                                                                                                    				if (_t84 == 0) goto 0x2802a750;
                                                                                                                                                                                                    				E00007FF77FF7280291A0(_t100, _t136, _t100 + 8, _t136, _t138);
                                                                                                                                                                                                    				_t74 =  *((intOrPtr*)(_t135 + 0x2d0)) -  *((intOrPtr*)(_t135 + 0x2c8));
                                                                                                                                                                                                    				if (_t84 == 0) goto 0x2802a750;
                                                                                                                                                                                                    				E00007FF77FF7280045E0(_t93, _t136);
                                                                                                                                                                                                    				if (_t93 == 0) goto 0x2802a62a;
                                                                                                                                                                                                    				 *_t93 =  &_v80;
                                                                                                                                                                                                    				goto 0x2802a62d;
                                                                                                                                                                                                    				_v80 = _t150;
                                                                                                                                                                                                    				_a8 = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF4CA0(_t150, _t100,  &_v80, _t100 + 4, _t136,  &_a8);
                                                                                                                                                                                                    				if (_v48 != _v56) goto 0x2802a66c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *_v56 = _t74;
                                                                                                                                                                                                    				_t87 = _v48 - _v56 - 4;
                                                                                                                                                                                                    				if (_t87 > 0) goto 0x2802a68b;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				E00007FF77FF728028A00(_t136);
                                                                                                                                                                                                    				_t145 = _t135;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(8, _t87, _v56 + 4, _v48 - _v56, _t145);
                                                                                                                                                                                                    				_t104 = _v48 - _v56;
                                                                                                                                                                                                    				if (_t87 != 0) goto 0x2802a6bb;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v104 = _t150;
                                                                                                                                                                                                    				r8d = _t74;
                                                                                                                                                                                                    				WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_v56 == 0) goto 0x2802a6e3;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v48 - _v56, _t104, _v56, _v56, _t136, _t145,  &_a32);
                                                                                                                                                                                                    				_v56 = _t150;
                                                                                                                                                                                                    				_v48 = _t150;
                                                                                                                                                                                                    				_v40 = _t150;
                                                                                                                                                                                                    				_t120 = _v80;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_v48 - _v56, _t104, _t120, _v56, _t136, _t145,  &_a32);
                                                                                                                                                                                                    				goto 0x2802a750;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t120 + 0x29)) == r12b) goto 0x2802a721;
                                                                                                                                                                                                    				if ( *((long long*)(_t145 + 0x20)) - 8 < 0) goto 0x2802a711;
                                                                                                                                                                                                    				goto 0x2802a715;
                                                                                                                                                                                                    				E00007FF77FF728006068(L"%s", _t145 + 8, _t145,  &_a32);
                                                                                                                                                                                                    				if ( *((long long*)(_t104 + 0x20)) - 8 < 0) goto 0x2802a732;
                                                                                                                                                                                                    				goto 0x2802a736;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t104 + 0x18)) +  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                    				_v104 = _t150;
                                                                                                                                                                                                    				return WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    			}


























APIs
Memory Dump Source
• Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$FileWrite
• String ID:
• API String ID: 255116272-0
• Opcode ID: f65e552bf3d28aa478b740350a4f5241e804a358c94a3600ca4f6d6addcbd357
• Instruction ID: 9eba12aeecc0dbf7621cc1c20ba21ec80fd48e4c365ffc164d2ee878d7c095da
• Opcode Fuzzy Hash: f65e552bf3d28aa478b740350a4f5241e804a358c94a3600ca4f6d6addcbd357
• Instruction Fuzzy Hash: 51519122608A8186EB30AF26DC405AEF361FB84B94FC44132DA5D077D9CF7DD455CB28
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF77FF727FF55C0(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                                                    				intOrPtr _t81;
                                                                                                                                                                                                    				intOrPtr _t86;
                                                                                                                                                                                                    				intOrPtr _t90;
                                                                                                                                                                                                    				intOrPtr* _t91;
                                                                                                                                                                                                    				intOrPtr _t92;
                                                                                                                                                                                                    				long long _t93;
                                                                                                                                                                                                    				long long* _t106;
                                                                                                                                                                                                    				intOrPtr* _t107;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    				long long _t110;
                                                                                                                                                                                                    				long long* _t112;
                                                                                                                                                                                                    				intOrPtr* _t113;
                                                                                                                                                                                                    				long long _t125;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                    				long long* _t136;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t103 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x10)) = _t125;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t129 = _t128 - 0x50;
                                                                                                                                                                                                    				_t5 = _t103 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				_t80 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t136 = __rdx;
                                                                                                                                                                                                    				_t126 = __rcx;
                                                                                                                                                                                                    				if (_t80 == 0) goto 0x27ff55fa;
                                                                                                                                                                                                    				if (_t80 ==  *__rcx) goto 0x27ff55ff;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) !=  *((intOrPtr*)( *_t5))) goto 0x27ff5670;
                                                                                                                                                                                                    				_t81 =  *__r9;
                                                                                                                                                                                                    				_t7 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				if (_t81 == 0) goto 0x27ff5617;
                                                                                                                                                                                                    				if (_t81 ==  *__rcx) goto 0x27ff561c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r9 + 8)) !=  *_t7) goto 0x27ff5670;
                                                                                                                                                                                                    				_t9 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				E00007FF77FF727FF6320(__r8, __rcx,  *((intOrPtr*)( *_t9 + 8)), __r9, __rcx);
                                                                                                                                                                                                    				_t11 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)( *_t11 + 8)) =  *_t11;
                                                                                                                                                                                                    				_t13 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x38)) = 0;
                                                                                                                                                                                                    				 *((long long*)( *_t13)) =  *_t13;
                                                                                                                                                                                                    				_t15 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)( *_t15 + 0x10)) =  *_t15;
                                                                                                                                                                                                    				_t17 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *_t136 =  *_t126;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 8)) =  *((intOrPtr*)( *_t17));
                                                                                                                                                                                                    				goto 0x27ff5766;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t86 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t86 == 0) goto 0x27ff567d;
                                                                                                                                                                                                    				if (_t86 ==  *__r9) goto 0x27ff5682;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0x27ff572e;
                                                                                                                                                                                                    				_t106 = _t129 + 0x20;
                                                                                                                                                                                                    				 *_t106 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t106 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *__r8 != 0) goto 0x27ff56ae;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t90 =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t90 + 0x39)) == 0) goto 0x27ff56bf;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x27ff570c;
                                                                                                                                                                                                    				_t107 =  *((intOrPtr*)(_t90 + 0x10));
                                                                                                                                                                                                    				if ( *((char*)(_t107 + 0x39)) != 0) goto 0x27ff56e0;
                                                                                                                                                                                                    				_t91 =  *_t107;
                                                                                                                                                                                                    				if ( *((char*)(_t91 + 0x39)) != 0) goto 0x27ff5708;
                                                                                                                                                                                                    				_t92 =  *_t91;
                                                                                                                                                                                                    				if ( *((char*)(_t92 + 0x39)) == 0) goto 0x27ff56d2;
                                                                                                                                                                                                    				goto 0x27ff5708;
                                                                                                                                                                                                    				_t109 =  *((intOrPtr*)(_t92 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t109 + 0x39)) != 0) goto 0x27ff5708;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t93 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) != _t93) goto 0x27ff5708;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t109;
                                                                                                                                                                                                    				_t110 =  *((intOrPtr*)(_t109 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t110 + 0x39)) == 0) goto 0x27ff56f0;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t110;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t59 = E00007FF77FF727FF5EB0(_t60, _t61, __r8, _t126, _t129 + 0x40, __r9, _t129 + 0x30, __r9);
                                                                                                                                                                                                    				goto 0x27ff5670;
                                                                                                                                                                                                    				_t112 = _t129 + 0x30;
                                                                                                                                                                                                    				 *_t112 = _t93;
                                                                                                                                                                                                    				 *((long long*)(_t112 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t113 = _t129 + 0x20;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x28)) =  *((intOrPtr*)(_t129 + 0x38));
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x20)) =  *_t126;
                                                                                                                                                                                                    				 *_t136 =  *_t113;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 8)) =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                                                    				return _t59;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: f24478f95e3a0eeb8cc74fcbd0085942c264e63632729c83631c048cfd9381a0
                                                                                                                                                                                                    • Instruction ID: 19799aaec153c65b8f4a45796819a7c865f4a435f8903148710443e5bd9cdff0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f24478f95e3a0eeb8cc74fcbd0085942c264e63632729c83631c048cfd9381a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD516A33619F95C5DB609F15E88022CB7A4F749B88F988032EB8D477A4DF38D592CB61
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF77FF727FFC520(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                    				intOrPtr _t81;
                                                                                                                                                                                                    				long long _t82;
                                                                                                                                                                                                    				long long* _t94;
                                                                                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                                                                                    				long long _t97;
                                                                                                                                                                                                    				long long _t98;
                                                                                                                                                                                                    				long long* _t100;
                                                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                                                    				long long _t111;
                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				long long* _t122;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t114 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x10)) = _t111;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t115 = _t114 - 0x50;
                                                                                                                                                                                                    				_t71 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t122 = __rdx;
                                                                                                                                                                                                    				_t112 = __rcx;
                                                                                                                                                                                                    				if (_t71 == 0) goto 0x27ffc55a;
                                                                                                                                                                                                    				if (_t71 ==  *__rcx) goto 0x27ffc55f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) !=  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x30))))) goto 0x27ffc5a3;
                                                                                                                                                                                                    				_t72 =  *__r9;
                                                                                                                                                                                                    				if (_t72 == 0) goto 0x27ffc577;
                                                                                                                                                                                                    				if (_t72 ==  *__rcx) goto 0x27ffc57c;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r9 + 8)) !=  *((intOrPtr*)(__rcx + 0x30))) goto 0x27ffc5a3;
                                                                                                                                                                                                    				E00007FF77FF727FFCB50(__r8, __rcx, __r9, _t121);
                                                                                                                                                                                                    				 *((long long*)(_t122 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x30))));
                                                                                                                                                                                                    				 *_t122 =  *_t112;
                                                                                                                                                                                                    				goto 0x27ffc6a6;
                                                                                                                                                                                                    				_t75 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t75 == 0) goto 0x27ffc5b0;
                                                                                                                                                                                                    				if (_t75 ==  *__r9) goto 0x27ffc5b5;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0x27ffc66e;
                                                                                                                                                                                                    				_t94 = _t115 + 0x20;
                                                                                                                                                                                                    				 *_t94 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t94 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *__r8 != 0) goto 0x27ffc5e1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t79 =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t79 + 0x29)) == 0) goto 0x27ffc5f2;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x27ffc64c;
                                                                                                                                                                                                    				_t95 =  *((intOrPtr*)(_t79 + 0x10));
                                                                                                                                                                                                    				if ( *((char*)(_t95 + 0x29)) != 0) goto 0x27ffc61e;
                                                                                                                                                                                                    				_t80 =  *_t95;
                                                                                                                                                                                                    				if ( *((char*)(_t80 + 0x29)) != 0) goto 0x27ffc648;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t81 =  *_t80;
                                                                                                                                                                                                    				if ( *((char*)(_t81 + 0x29)) == 0) goto 0x27ffc610;
                                                                                                                                                                                                    				goto 0x27ffc648;
                                                                                                                                                                                                    				_t97 =  *((intOrPtr*)(_t81 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t97 + 0x29)) != 0) goto 0x27ffc648;
                                                                                                                                                                                                    				_t82 =  *((intOrPtr*)(_t97 + 0x10));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) != _t82) goto 0x27ffc648;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t97;
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t97 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t98 + 0x29)) == 0) goto 0x27ffc630;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t98;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t51 = E00007FF77FF727FFC760(_t52, __r8, _t112, _t115 + 0x40, __r9, _t115 + 0x30, __r9);
                                                                                                                                                                                                    				goto 0x27ffc5a3;
                                                                                                                                                                                                    				_t100 = _t115 + 0x30;
                                                                                                                                                                                                    				 *_t100 = _t82;
                                                                                                                                                                                                    				 *((long long*)(_t100 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t101 = _t115 + 0x20;
                                                                                                                                                                                                    				 *((long long*)(_t115 + 0x28)) =  *((intOrPtr*)(_t115 + 0x38));
                                                                                                                                                                                                    				 *((long long*)(_t115 + 0x20)) =  *_t112;
                                                                                                                                                                                                    				 *_t122 =  *_t101;
                                                                                                                                                                                                    				 *((long long*)(_t122 + 8)) =  *((intOrPtr*)(_t101 + 8));
                                                                                                                                                                                                    				return _t51;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 3f9fb94ebf619a72e56c9b87b2a251ac8c4213fab99a0683694bafe1793dd332
                                                                                                                                                                                                    • Instruction ID: 19367b0547582a5477491c6efc342a02c43c5f63d71685b34600fefe5675c07a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f9fb94ebf619a72e56c9b87b2a251ac8c4213fab99a0683694bafe1793dd332
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B516D3260EF9585DB609F19D94026CB3A0FB49F88F988032DA8D477A4DF3CD592CB65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF727FFD490(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r12, void* __r13, void* __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a32 = __rdi;
                                                                                                                                                                                                    			}



                                                                                                                                                                                                    0x7ff727ffd490
                                                                                                                                                                                                    0x7ff727ffd495
                                                                                                                                                                                                    0x7ff727ffd49a
                                                                                                                                                                                                    0x7ff727ffd49f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 9adf0773738e164250931235ba60c9b3937481e2f1625136ecae2f05f93c4938
                                                                                                                                                                                                    • Instruction ID: 2e4e5b52fb4c100a71aea58b03bb047720e269d0602206d7a1a207fbe0455356
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9adf0773738e164250931235ba60c9b3937481e2f1625136ecae2f05f93c4938
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44419A63708B5585DA20AF16E91016DF3A4FB48BCCB984132EE8C07B98DE7CE143CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF77FF727FF4E70(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                    				signed long long _t67;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                    				long long _t86;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a32 = __rdi;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t85 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if ((_t57 - _t85 & 0xfffffff0) != 0) goto 0x27ff4eb7;
                                                                                                                                                                                                    				goto 0x27ff4edf;
                                                                                                                                                                                                    				if (_t85 - _t57 <= 0) goto 0x27ff4ec1;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t46 == 0) goto 0x27ff4ecf;
                                                                                                                                                                                                    				if (_t46 ==  *((intOrPtr*)(__rcx))) goto 0x27ff4ed4;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t67 =  *((intOrPtr*)(__r8 + 8)) - _t85 >> 4;
                                                                                                                                                                                                    				_t58 =  &_v40;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF77FF727FF5790(__rcx, __rcx,  &_v40, __rsi, __r8, __r9);
                                                                                                                                                                                                    				_t86 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t86 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x27ff4f18;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				_v32 = _t86;
                                                                                                                                                                                                    				_v40 = _t54;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x20], xmm0");
                                                                                                                                                                                                    				if (_t54 != 0) goto 0x27ff4f3f;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				goto 0x27ff4f42;
                                                                                                                                                                                                    				_t69 = (_t67 << 4) + _t86;
                                                                                                                                                                                                    				if (_t69 -  *((intOrPtr*)( *_t54 + 0x20)) > 0) goto 0x27ff4f5d;
                                                                                                                                                                                                    				if (_t54 == 0) goto 0x27ff4f57;
                                                                                                                                                                                                    				if (_t69 -  *((intOrPtr*)( *_t54 + 0x18)) >= 0) goto 0x27ff4f62;
                                                                                                                                                                                                    				_t33 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_v32 = _t69;
                                                                                                                                                                                                    				_t60 =  &_v40;
                                                                                                                                                                                                    				 *__rdx =  *_t60;
                                                                                                                                                                                                    				_a8 =  *((intOrPtr*)(_t60 + 8));
                                                                                                                                                                                                    				return _t33;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 0dfe290ad0cdf64aa43669a68593f605fd5eb979421ae91750d4b89d46ba8f38
                                                                                                                                                                                                    • Instruction ID: 01247cdd45c732f217bfcfcf0b5d1476b4ab64204c681b27f0591a6b48857a84
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dfe290ad0cdf64aa43669a68593f605fd5eb979421ae91750d4b89d46ba8f38
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8318F22708B8581DB20AF15E90016DF3A4FB49B98F984132EE9C17BD8DF3CE642CB55
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001,00007FF7280047AB), ref: 00007FF728004BE1
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001,00007FF7280047AB), ref: 00007FF728004BF0
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001,00007FF7280047AB), ref: 00007FF728004C6D
                                                                                                                                                                                                      • Part of subcall function 00007FF72800A664: realloc.LIBCMT ref: 00007FF72800A68F
                                                                                                                                                                                                      • Part of subcall function 00007FF72800A664: Sleep.KERNEL32(?,?,00000000,00007FF728004C5D,?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001), ref: 00007FF72800A6AB
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001,00007FF7280047AB), ref: 00007FF728004C7C
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF728004CC9,?,?,?,?,00007FF7280056F2,?,?,00000001,00007FF7280047AB), ref: 00007FF728004C88
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode$Sleep_errnorealloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1310268301-0
                                                                                                                                                                                                    • Opcode ID: da3e88b1a8b197b5a9bc03744fcc4c4a517e23ff6b81ad0f1ee5100b1ca44848
                                                                                                                                                                                                    • Instruction ID: 6890451307ba2ad92f65ec7d85cbd18670210973dc86cfd395ce5c17cbd2018c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: da3e88b1a8b197b5a9bc03744fcc4c4a517e23ff6b81ad0f1ee5100b1ca44848
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A21E521B09A0250EA60BB52ED58479E391FB847C4FC48837D92D073D6EE7EE4808B2D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                                                    			E00007FF77FF72801A424(void* __edx, intOrPtr* __rax, signed int __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, long long __r9, long long _a8, long long _a16, char _a24, long long _a32, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                    				void* _t56;
                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                    				long long _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t53 = __rdx;
                                                                                                                                                                                                    				_t48 = __rcx;
                                                                                                                                                                                                    				_t46 = __rbx;
                                                                                                                                                                                                    				_t45 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_t59 = __r8;
                                                                                                                                                                                                    				r12d = __edx;
                                                                                                                                                                                                    				if (__r8 != 0) goto 0x2801a473;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				_v40 = _v40 & __rbx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rbx, __rcx, __rdx, __r8, __r9, __r8);
                                                                                                                                                                                                    				goto 0x2801a50a;
                                                                                                                                                                                                    				E00007FF77FF72801384C();
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(_t46, _t48, _t53, _t56, _t59, __r9);
                                                                                                                                                                                                    				_t57 = _t45;
                                                                                                                                                                                                    				if (_t45 == 0) goto 0x2801a4f7;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(1, _t45, _t45);
                                                                                                                                                                                                    				E00007FF77FF72800B804(_t46, _t57,  *((intOrPtr*)(_t45 + 0xc0)));
                                                                                                                                                                                                    				_t50 = _a48;
                                                                                                                                                                                                    				 *(_t57 + 8) =  *(_t57 + 8) | 0xffffffff;
                                                                                                                                                                                                    				_t69 =  !=  ? _t50 :  &_a24;
                                                                                                                                                                                                    				_v32 =  !=  ? _t50 :  &_a24;
                                                                                                                                                                                                    				 *((long long*)(_t57 + 0x90)) = _t59;
                                                                                                                                                                                                    				 *((long long*)(_t57 + 0x98)) = __r9;
                                                                                                                                                                                                    				_v40 = _a40;
                                                                                                                                                                                                    				CreateThread(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t45 != 0) goto 0x2801a50c;
                                                                                                                                                                                                    				_t28 = GetLastError();
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if (_t28 == 0) goto 0x2801a50a;
                                                                                                                                                                                                    				E00007FF77FF7280078EC(_t28, _t45);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}













                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDecodeErrorLastPointerThread_errno_getptdfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 220819306-0
                                                                                                                                                                                                    • Opcode ID: ece87a1fc5feb03447c1b275c00dd7aa7aefcaa37945c33b4158078beb98526a
                                                                                                                                                                                                    • Instruction ID: 1f52626d845974816d354b0225f8bee3b59c85cac95cd6984112504da209e3ea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ece87a1fc5feb03447c1b275c00dd7aa7aefcaa37945c33b4158078beb98526a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A219C21A0874146F724FB66AD41669F295FF84BA0F844236EF6D43BD6DF3DE0508B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF77FF728018120(void* __ebx, void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, void* __r9, long long __r12, signed char _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				long long _t65;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t30 = __edx;
                                                                                                                                                                                                    				_t29 = __ecx;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t54 = __rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t46 <= 0) goto 0x2801813e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t55 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t55 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x2801814d;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t55 > 0) goto 0x28018159;
                                                                                                                                                                                                    				if (_t55 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x2801815e;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t57 =  *__rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t46 > 0) goto 0x2801816d;
                                                                                                                                                                                                    				if (_t46 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x28018172;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t57 == 0) goto 0x2801817c;
                                                                                                                                                                                                    				if (_t57 ==  *__rcx) goto 0x28018181;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t55 == _t46) goto 0x280181e4;
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_a16 = __r12;
                                                                                                                                                                                                    				_t65 = _t55 + (_t58 - _t46 >> 3) * 8;
                                                                                                                                                                                                    				if (_t46 == _t58) goto 0x280181c5;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				E00007FF77FF7280169F0(_t46, _t55 - _t46 + _t46, _t46);
                                                                                                                                                                                                    				if (_t46 + 8 != _t58) goto 0x280181b0;
                                                                                                                                                                                                    				r9d = _a8 & 0x000000ff;
                                                                                                                                                                                                    				_t27 = E00007FF77FF728017D10(__ebx, _t29, _t30, _t58 - _t46 >> 3, _t46 + 8, _t65,  *((intOrPtr*)(_t54 + 0x20)), _t55 - _t46, _t54 + 0x10, __r9);
                                                                                                                                                                                                    				 *((long long*)(_t54 + 0x20)) = _t65;
                                                                                                                                                                                                    				return _t27;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 94e8535373d5eee8c31459157ca0df03a4c9a942121b1679b2ccc5edc3a1f7ea
                                                                                                                                                                                                    • Instruction ID: 17bdd5ecc2a5db96a26647569cfaa49e5b867e3a86c0e2c6d553bedb7d7ceccb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94e8535373d5eee8c31459157ca0df03a4c9a942121b1679b2ccc5edc3a1f7ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73219523B14A529AD9307B119D000A8E3A8FB05754F9C1133DB9C07AC5EF2AE5A1CB7C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF727FF9D30(long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_t43 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t43 <= 0) goto 0x27ff9d56;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t41 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t41 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x27ff9d65;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t41 > 0) goto 0x27ff9d71;
                                                                                                                                                                                                    				if (_t41 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x27ff9d76;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t46 =  *__rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t43 > 0) goto 0x27ff9d85;
                                                                                                                                                                                                    				if (_t43 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0x27ff9d8a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t46 == 0) goto 0x27ff9d94;
                                                                                                                                                                                                    				if (_t46 ==  *__rcx) goto 0x27ff9d99;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				if (_t41 == _t43) goto 0x27ff9dc0;
                                                                                                                                                                                                    				_t40 =  *((intOrPtr*)(__rcx + 0x20)) - _t43;
                                                                                                                                                                                                    				if (_t40 <= 0) goto 0x27ff9dbc;
                                                                                                                                                                                                    				_t23 = E00007FF77FF728004070(_t41, _t40, _t43, _t40);
                                                                                                                                                                                                    				 *((long long*)(__rcx + 0x20)) = _t40 + _t41;
                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 395423532e8a034f72e2356662622c31c4559b370181be70f9e98b2c9a67ad87
                                                                                                                                                                                                    • Instruction ID: ee176f023d9030e6ff5782a226b0ed2b6250686025f091fa8ea6fcad36922487
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 395423532e8a034f72e2356662622c31c4559b370181be70f9e98b2c9a67ad87
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7116362A0CE4181E770BF15DA0406DE3A4EB05FC4BA54132DE9C576CACF29E5538BA6
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                    • Opcode ID: 51358f02df6aa1c520c902237605ff6eac71f778f40a86b1a1b9eb1d44f505ae
                                                                                                                                                                                                    • Instruction ID: 0af7956e63596b9b3817e454711b82ce5868f599e5bce4fb5a893d28d0414202
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51358f02df6aa1c520c902237605ff6eac71f778f40a86b1a1b9eb1d44f505ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD01A521B69B0182E7A09F21ED90565F360FB49BA0FC42632DE5E477E0CE3DD9848B24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ThreadValue$CurrentErrorExitLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1808566232-0
                                                                                                                                                                                                    • Opcode ID: 94f429541888e2a87e9ddcd7a9c91dd1b61d2b74d0858537a8fdef3fe104ab33
                                                                                                                                                                                                    • Instruction ID: fbf769cd65038588fc5940b0a3fcbaa771b2c3bcf853bcfa0b201706bebe9dd9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94f429541888e2a87e9ddcd7a9c91dd1b61d2b74d0858537a8fdef3fe104ab33
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65115B24E09B0781EA30BB71DD5A3B8E294EF44B50F845436D81D463D2FE3EA4508B38
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                    			E00007FF77FF727FF4750(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				intOrPtr* _t11;
                                                                                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                                                                                    				intOrPtr* _t14;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t14 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				_t11 = _t14;
                                                                                                                                                                                                    				if (_t11 == 0) goto 0x27ff47a5;
                                                                                                                                                                                                    				asm("lock add dword [ebx+0x8], 0xffffffff");
                                                                                                                                                                                                    				if (_t11 != 0) goto 0x27ff47a5;
                                                                                                                                                                                                    				_t13 =  *_t14;
                                                                                                                                                                                                    				 *_t13();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0x27ff47a5;
                                                                                                                                                                                                    				_t1 = _t13 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t1;
                                                                                                                                                                                                    				return E00007FF77FF72802AB00(_t6, _t7, _t10, _t14, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t20, _t21, "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp", _t24);
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • void __cdecl boost::detail::free_raw_heap_memory(void *), xrefs: 00007FF727FF4792
                                                                                                                                                                                                    • detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0, xrefs: 00007FF727FF4799
                                                                                                                                                                                                    • D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp, xrefs: 00007FF727FF478B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 3859560861-3333080286
                                                                                                                                                                                                    • Opcode ID: bbd1b308470604d059fc8b3b034bf7eafb81cdd28000ebdae6b9dc5dbe87673a
                                                                                                                                                                                                    • Instruction ID: 41672718ade5ed35da005190363d7df3f284b88d01f83a54ce7788fa775ce7fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbd1b308470604d059fc8b3b034bf7eafb81cdd28000ebdae6b9dc5dbe87673a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEF09062E09A0782FB24AF22ED405B4E350FF96B44B898032C51D062F0EE3DD64ACB25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF77FF727FF4110(void* __rax, void* __rcx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t10 = __rax;
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0x27ff414f;
                                                                                                                                                                                                    				_t1 = _t10 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t1;
                                                                                                                                                                                                    				return E00007FF77FF72802AB00(_t5, _t6, _t8, __rcx, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t16, _t17, "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp", _t20);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • void __cdecl boost::detail::free_raw_heap_memory(void *), xrefs: 00007FF727FF413C
                                                                                                                                                                                                    • detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0, xrefs: 00007FF727FF4143
                                                                                                                                                                                                    • D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp, xrefs: 00007FF727FF4135
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 3859560861-3333080286
                                                                                                                                                                                                    • Opcode ID: 390c634eb8512d6bd36f964db49dd20d87de3fa4aeae6bde1dec52a086757f87
                                                                                                                                                                                                    • Instruction ID: 0ba7b791403a1ec7ebd0624d52aaa1667924c043098763fc9eea1ab306678c63
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 390c634eb8512d6bd36f964db49dd20d87de3fa4aeae6bde1dec52a086757f87
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0E04860E05E4792FB35BF62EE415B0D311EF64745FC54032C50D062B1EE3D9259CB24
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00007FF77FF728009B04(void* __ebx, void* __ecx, void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __r8, signed long long __r9) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                    				void* _t107;
                                                                                                                                                                                                    				void* _t123;
                                                                                                                                                                                                    				long long _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                    				long long _t170;
                                                                                                                                                                                                    				intOrPtr* _t174;
                                                                                                                                                                                                    				long long _t177;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				void* _t180;
                                                                                                                                                                                                    				signed long long _t191;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t123 = __rax;
                                                                                                                                                                                                    				_t107 = __edi;
                                                                                                                                                                                                    				_t104 = __ecx;
                                                                                                                                                                                                    				 *((long long*)(_t179 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t179 + 0x18)) = __r8;
                                                                                                                                                                                                    				_t180 = _t179 - 0x70;
                                                                                                                                                                                                    				_t191 = __r9;
                                                                                                                                                                                                    				_t194 = __rdx;
                                                                                                                                                                                                    				_t174 = __rcx;
                                                                                                                                                                                                    				if ( *__rcx == 0x80000003) goto 0x28009d30;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx,  *__rcx - 0x80000003, __rax);
                                                                                                                                                                                                    				r15d =  *((intOrPtr*)(_t180 + 0xe0));
                                                                                                                                                                                                    				_t177 =  *((intOrPtr*)(_t180 + 0xd0));
                                                                                                                                                                                                    				if ( *((long long*)(_t123 + 0xe0)) == 0) goto 0x28009ba2;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t104,  *((long long*)(_t123 + 0xe0)), _t123);
                                                                                                                                                                                                    				E00007FF77FF72800B7B0();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t123 + 0xe0)) == _t123) goto 0x28009ba2;
                                                                                                                                                                                                    				if ( *__rcx == 0xe0434f4d) goto 0x28009ba2;
                                                                                                                                                                                                    				 *(_t180 + 0x30) =  *((intOrPtr*)(_t180 + 0xe8));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0x28)) = r15d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t177;
                                                                                                                                                                                                    				if (E00007FF77FF728007528(__rcx, __rdx, __r8, __r9) != 0) goto 0x28009d30;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t177 + 0xc)) != 0) goto 0x28009bad;
                                                                                                                                                                                                    				E00007FF77FF728010148( *((intOrPtr*)(_t180 + 0xe8)));
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)(_t180 + 0xd8));
                                                                                                                                                                                                    				 *(_t180 + 0x30) = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x28)) = _t180 + 0x60;
                                                                                                                                                                                                    				_t126 = _t180 + 0xb0;
                                                                                                                                                                                                    				r8d = r15d;
                                                                                                                                                                                                    				r9d = r12d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t126;
                                                                                                                                                                                                    				E00007FF77FF72800757C(__ebx, _t123, _t177, _t174);
                                                                                                                                                                                                    				_t170 = _t126;
                                                                                                                                                                                                    				goto 0x28009d26;
                                                                                                                                                                                                    				if (r12d -  *_t170 < 0) goto 0x28009d19;
                                                                                                                                                                                                    				if (r12d -  *((intOrPtr*)(_t170 + 4)) > 0) goto 0x28009d19;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t126);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)) == 0) goto 0x28009c44;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t126);
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t126);
                                                                                                                                                                                                    				_t127 = _t126 +  *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10));
                                                                                                                                                                                                    				goto 0x28009c46;
                                                                                                                                                                                                    				if (_t127 == 0) goto 0x28009c93;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t127);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)) == 0) goto 0x28009c8b;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t127);
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t127);
                                                                                                                                                                                                    				_t128 = _t127 +  *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10));
                                                                                                                                                                                                    				goto 0x28009c8d;
                                                                                                                                                                                                    				if ( *((char*)(_t128 + 0x10)) != 0) goto 0x28009d12;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t128);
                                                                                                                                                                                                    				if (( *(_t128 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x14) & 0x00000040) != 0) goto 0x28009d12;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t128);
                                                                                                                                                                                                    				 *((char*)(_t180 + 0x58)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t180 + 0x50)) = 1;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x48)) =  *((intOrPtr*)(_t180 + 0xe8));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0x40)) = r15d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x38)) = _t170;
                                                                                                                                                                                                    				 *(_t180 + 0x30) =  *(_t180 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x28)) = _t128 + ( *(_t170 + 0xc) - 1 + ( *(_t170 + 0xc) - 1) * 4) * 4 +  *((intOrPtr*)(_t170 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t177;
                                                                                                                                                                                                    				E00007FF77FF728009A40( *(_t170 + 0xc) - 1, _t107,  *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)), _t174, _t194, _t177,  *((intOrPtr*)(_t180 + 0xc0)), _t191);
                                                                                                                                                                                                    				_t102 =  *((intOrPtr*)(_t180 + 0xb0)) + 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0xb0)) = _t102;
                                                                                                                                                                                                    				if (_t102 -  *((intOrPtr*)(_t180 + 0x60)) < 0) goto 0x28009bf1;
                                                                                                                                                                                                    				return _t102;
                                                                                                                                                                                                    			}



















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$CallTranslator
                                                                                                                                                                                                    • String ID: MOC
                                                                                                                                                                                                    • API String ID: 3569367362-624257665
                                                                                                                                                                                                    • Opcode ID: 701c7f62758117df9d68805bcdd9943e9059ba62097dbbdcab498742cdacb196
                                                                                                                                                                                                    • Instruction ID: 33fbe05e8ea63880a45a4d306f0f1f9bc3f01bab732c4488f511303052e94d30
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 701c7f62758117df9d68805bcdd9943e9059ba62097dbbdcab498742cdacb196
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D261B072A08A8285DA30EB15D8907ADF3A0FB80B89F844533DBAD436D5DF7EE151CB14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FF7280055C1,?,?,00000028,00007FF7280048F9,?,?,00000000,00007FF72800A598,?,?,00000000,00007FF72800FED9), ref: 00007FF728005587
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,000000FF,00007FF7280055C1,?,?,00000028,00007FF7280048F9,?,?,00000000,00007FF72800A598,?,?,00000000,00007FF72800FED9), ref: 00007FF72800559C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
• Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                    • API String ID: 1646373207-1276376045
                                                                                                                                                                                                    • Opcode ID: 8e88595b131e52f817ebab1db4fb07a491aba47a0bed957ca3a8eab92fd5a99f
                                                                                                                                                                                                    • Instruction ID: 754d5d3ff5e9b7ade1f56b7d44ca13338481d17d51b18befab14ccb6970e4371
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e88595b131e52f817ebab1db4fb07a491aba47a0bed957ca3a8eab92fd5a99f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8E0EC20F16A0382FE696B90ED94538D251DF48711FC8543AC46E063D0DE3DA9998B28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00007FF77FF728008948(void* __ebx, void* __ecx, signed long long __edx, void* __eflags, long long __rbx, void* __rcx, void* __r8) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                    				signed long long _t165;
                                                                                                                                                                                                    				signed long long _t166;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				long long _t178;
                                                                                                                                                                                                    				signed long long _t183;
                                                                                                                                                                                                    				signed long long _t207;
                                                                                                                                                                                                    				signed long long _t209;
                                                                                                                                                                                                    				intOrPtr _t210;
                                                                                                                                                                                                    				void* _t213;
                                                                                                                                                                                                    				void* _t214;
                                                                                                                                                                                                    				void* _t216;
                                                                                                                                                                                                    				signed long long _t217;
                                                                                                                                                                                                    				void* _t219;
                                                                                                                                                                                                    				signed long long _t220;
                                                                                                                                                                                                    				void* _t223;
                                                                                                                                                                                                    				signed long long _t224;
                                                                                                                                                                                                    				void* _t227;
                                                                                                                                                                                                    				void* _t230;
                                                                                                                                                                                                    				signed long long _t231;
                                                                                                                                                                                                    				void* _t233;
                                                                                                                                                                                                    				signed long long _t234;
                                                                                                                                                                                                    				void* _t237;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				signed long long _t240;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t226 = __r8;
                                                                                                                                                                                                    				_t137 = __ecx;
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x20)) = __rbx;
                                                                                                                                                                                                    				_t224 = _t223 - 0x210;
                                                                                                                                                                                                    				_t165 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_t166 = _t165 ^ _t224;
                                                                                                                                                                                                    				 *(_t224 + 0x200) = _t166;
                                                                                                                                                                                                    				_t240 = __edx;
                                                                                                                                                                                                    				_t214 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, __eflags, _t166);
                                                                                                                                                                                                    				_t217 = _t166;
                                                                                                                                                                                                    				_t167 = _t224 + 0x40;
                                                                                                                                                                                                    				r8d = 0x83;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t224 + 0x28)) = r15d;
                                                                                                                                                                                                    				 *(_t224 + 0x20) = _t167;
                                                                                                                                                                                                    				E00007FF77FF728008708(__ebx, __r8, _t224 + 0x70, __r8, _t224 + 0x48);
                                                                                                                                                                                                    				if (_t167 != 0) goto 0x280089b5;
                                                                                                                                                                                                    				goto 0x28008c24;
                                                                                                                                                                                                    				_t183 = _t240 << 5;
                                                                                                                                                                                                    				if (E00007FF77FF72800BBE0(_t137, _t224 + 0x70,  *((intOrPtr*)(_t183 + __rcx + 0x48))) == 0) goto 0x28008c1f;
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t114, _t224 + 0x70);
                                                                                                                                                                                                    				_t220 = _t167;
                                                                                                                                                                                                    				_t12 = _t167 + 5; // 0x5
                                                                                                                                                                                                    				E00007FF77FF72800A574(_t147, _t167, _t183, _t12, _t217, _t220);
                                                                                                                                                                                                    				_t231 = _t167;
                                                                                                                                                                                                    				if (_t167 == 0) goto 0x280089ae;
                                                                                                                                                                                                    				_t234 = _t240 + 3;
                                                                                                                                                                                                    				 *((long long*)(_t224 + 0x58)) =  *((intOrPtr*)(_t183 + _t214 + 0x48));
                                                                                                                                                                                                    				r8d = 6;
                                                                                                                                                                                                    				 *(_t224 + 0x50) =  *(_t214 + _t234 * 4);
                                                                                                                                                                                                    				 *((long long*)(_t224 + 0x60)) = _t214 + (_t240 + 0x12 + _t240 * 2) * 2;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(_t137, _t167, _t224 + 0x68, _t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t226);
                                                                                                                                                                                                    				_t28 = _t220 + 1; // 0x1
                                                                                                                                                                                                    				_t227 = _t224 + 0x70;
                                                                                                                                                                                                    				_t30 = _t231 + 4; // 0x4
                                                                                                                                                                                                    				 *((intOrPtr*)(_t224 + 0x44)) =  *((intOrPtr*)(_t214 + 4));
                                                                                                                                                                                                    				if (E00007FF77FF72800B72C(_t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t30, _t28, _t217, _t220, _t227) == 0) goto 0x28008a5b;
                                                                                                                                                                                                    				 *(_t224 + 0x20) =  *(_t224 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004308();
                                                                                                                                                                                                    				_t35 = _t231 + 4; // 0x4
                                                                                                                                                                                                    				_t207 = _t224 + 0x48;
                                                                                                                                                                                                    				 *((long long*)(_t183 + _t214 + 0x48)) = _t35;
                                                                                                                                                                                                    				r8d = 6;
                                                                                                                                                                                                    				 *(_t214 + _t234 * 4) =  *(_t224 + 0x48) & 0x0000ffff;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0, E00007FF77FF72800B72C(_t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t30, _t28, _t217, _t220, _t227),  *((intOrPtr*)(_t224 + 0x60)), _t207, _t227);
                                                                                                                                                                                                    				if (r15d != 2) goto 0x28008b94;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t214 + 4)) =  *((intOrPtr*)(_t224 + 0x40));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t214 + 4)) ==  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8))) goto 0x28008acd;
                                                                                                                                                                                                    				 *((long long*)(_t217 + 0x27c + _t207 * 8)) =  *((intOrPtr*)(_t217 + 0x29c));
                                                                                                                                                                                                    				r8d = r8d + 1;
                                                                                                                                                                                                    				if (_t207 + 1 - 5 < 0) goto 0x28008aa0;
                                                                                                                                                                                                    				goto 0x28008aec;
                                                                                                                                                                                                    				if (r8d == 0) goto 0x28008aec;
                                                                                                                                                                                                    				_t209 = r8d;
                                                                                                                                                                                                    				 *((long long*)(_t217 + 0x27c)) =  *((intOrPtr*)(_t217 + 0x27c + _t209 * 8));
                                                                                                                                                                                                    				 *((long long*)(_t217 + 0x27c + _t209 * 8)) =  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8));
                                                                                                                                                                                                    				if (r8d != 5) goto 0x28008b88;
                                                                                                                                                                                                    				_t63 = _t227 + 0x7a; // 0x7a
                                                                                                                                                                                                    				 *((intOrPtr*)(_t224 + 0x38)) = 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t224 + 0x30)) =  *((intOrPtr*)(_t214 + 0x14));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t224 + 0x28)) =  *((intOrPtr*)(_t214 + 4));
                                                                                                                                                                                                    				_t69 = _t220 - 0x7e; // -4
                                                                                                                                                                                                    				r9d = _t63;
                                                                                                                                                                                                    				 *(_t224 + 0x20) = _t224 + 0x100;
                                                                                                                                                                                                    				_t159 = E00007FF77FF728012858(_t69, r8d - 5, _t224 + 0x100, _t183,  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8)), _t217, 0x28030d00, _t224 + 0x48, _t239, _t237, _t233);
                                                                                                                                                                                                    				if (_t159 == 0) goto 0x28008b78;
                                                                                                                                                                                                    				 *(_t224 + 0x100) =  *(_t224 + 0x100) & 0x000001ff;
                                                                                                                                                                                                    				if (_t159 != 0) goto 0x28008b3d;
                                                                                                                                                                                                    				_t210 =  *0x280403f8; // 0x7ff7280310d4
                                                                                                                                                                                                    				r8d = 0xfe;
                                                                                                                                                                                                    				 *(_t217 + 0x280) = 0 | E00007FF77FF728014410(0x1ff, _t224 + 0x100, _t210, 0x28030d00) == 0x00000000;
                                                                                                                                                                                                    				goto 0x28008b7f;
                                                                                                                                                                                                    				 *(_t217 + 0x280) =  *(_t217 + 0x280) & 0x00000000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t217 + 0x27c)) =  *((intOrPtr*)(_t214 + 4));
                                                                                                                                                                                                    				 *(_t214 + 0x108) =  *(_t217 + 0x280);
                                                                                                                                                                                                    				if (r15d != 1) goto 0x28008ba1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t214 + 8)) =  *((intOrPtr*)(_t224 + 0x40));
                                                                                                                                                                                                    				_t133 =  *((intOrPtr*)(0x28030c80 + (_t240 + _t240 * 2) * 8))(_t219);
                                                                                                                                                                                                    				_t178 =  *((intOrPtr*)(_t224 + 0x58));
                                                                                                                                                                                                    				if (_t133 == 0) goto 0x28008bdd;
                                                                                                                                                                                                    				 *((long long*)(_t183 + _t214 + 0x48)) = _t178;
                                                                                                                                                                                                    				free(_t230);
                                                                                                                                                                                                    				r11d =  *(_t224 + 0x50);
                                                                                                                                                                                                    				 *(_t214 + _t234 * 4) = r11d;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t214 + 4)) =  *((intOrPtr*)(_t224 + 0x44));
                                                                                                                                                                                                    				goto 0x280089ae;
                                                                                                                                                                                                    				_t163 = _t178 - 0x28040a20;
                                                                                                                                                                                                    				if (_t163 == 0) goto 0x28008c12;
                                                                                                                                                                                                    				asm("lock add dword [edx], 0xffffffff");
                                                                                                                                                                                                    				if (_t163 != 0) goto 0x28008c12;
                                                                                                                                                                                                    				free(_t213);
                                                                                                                                                                                                    				free(_t216);
                                                                                                                                                                                                    				 *(_t183 + _t214 + 0x50) =  *(_t183 + _t214 + 0x50) & 0x00000000;
                                                                                                                                                                                                    				 *_t231 = 1;
                                                                                                                                                                                                    				 *(_t183 + _t214 + 0x58) = _t231;
                                                                                                                                                                                                    				return E00007FF77FF728004050(E00007FF77FF728014410(0x1ff, _t224 + 0x100, _t210, 0x28030d00) == 0,  *(_t224 + 0x200) ^ _t224,  *(_t183 + _t214 + 0x58), 0x28030d00, _t224 + 0x48);
                                                                                                                                                                                                    			}

































                                                                                                                                                                                                    0x7ff728008a56
                                                                                                                                                                                                    0x7ff728008a60
                                                                                                                                                                                                    0x7ff728008a65
                                                                                                                                                                                                    0x7ff728008a6a
                                                                                                                                                                                                    0x7ff728008a74
                                                                                                                                                                                                    0x7ff728008a7a
                                                                                                                                                                                                    0x7ff728008a7e
                                                                                                                                                                                                    0x7ff728008a87
                                                                                                                                                                                                    0x7ff728008a91
                                                                                                                                                                                                    0x7ff728008a96
                                                                                                                                                                                                    0x7ff728008aaa
                                                                                                                                                                                                    0x7ff728008ab4
                                                                                                                                                                                                    0x7ff728008abf
                                                                                                                                                                                                    0x7ff728008ac9
                                                                                                                                                                                                    0x7ff728008acb
                                                                                                                                                                                                    0x7ff728008ad0
                                                                                                                                                                                                    0x7ff728008ad2
                                                                                                                                                                                                    0x7ff728008add
                                                                                                                                                                                                    0x7ff728008ae4
                                                                                                                                                                                                    0x7ff728008af0
                                                                                                                                                                                                    0x7ff728008af9
                                                                                                                                                                                                    0x7ff728008afd
                                                                                                                                                                                                    0x7ff728008b05
                                                                                                                                                                                                    0x7ff728008b13
                                                                                                                                                                                                    0x7ff728008b1f
                                                                                                                                                                                                    0x7ff728008b22
                                                                                                                                                                                                    0x7ff728008b27
                                                                                                                                                                                                    0x7ff728008b31
                                                                                                                                                                                                    0x7ff728008b33
                                                                                                                                                                                                    0x7ff728008b42
                                                                                                                                                                                                    0x7ff728008b4d
                                                                                                                                                                                                    0x7ff728008b4f
                                                                                                                                                                                                    0x7ff728008b5e
                                                                                                                                                                                                    0x7ff728008b70
                                                                                                                                                                                                    0x7ff728008b76
                                                                                                                                                                                                    0x7ff728008b78
                                                                                                                                                                                                    0x7ff728008b82
                                                                                                                                                                                                    0x7ff728008b8e
                                                                                                                                                                                                    0x7ff728008b98
                                                                                                                                                                                                    0x7ff728008b9e
                                                                                                                                                                                                    0x7ff728008baf
                                                                                                                                                                                                    0x7ff728008bb4
                                                                                                                                                                                                    0x7ff728008bb9
                                                                                                                                                                                                    0x7ff728008bbe
                                                                                                                                                                                                    0x7ff728008bc3
                                                                                                                                                                                                    0x7ff728008bc8
                                                                                                                                                                                                    0x7ff728008bd1
                                                                                                                                                                                                    0x7ff728008bd5
                                                                                                                                                                                                    0x7ff728008bd8
                                                                                                                                                                                                    0x7ff728008be4
                                                                                                                                                                                                    0x7ff728008be7
                                                                                                                                                                                                    0x7ff728008bee
                                                                                                                                                                                                    0x7ff728008bf2
                                                                                                                                                                                                    0x7ff728008bf9
                                                                                                                                                                                                    0x7ff728008c07
                                                                                                                                                                                                    0x7ff728008c0c
                                                                                                                                                                                                    0x7ff728008c12
                                                                                                                                                                                                    0x7ff728008c1a
                                                                                                                                                                                                    0x7ff728008c4e

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3186804695-0
                                                                                                                                                                                                    • Opcode ID: b831a8e5acdfc9b34b1f275e6a2a44ae26707a0638727e3522d71a78b478d697
                                                                                                                                                                                                    • Instruction ID: 65291866244163e975179d0c890a570ad44312ede7ced0d9d29d704b98aa53c2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b831a8e5acdfc9b34b1f275e6a2a44ae26707a0638727e3522d71a78b478d697
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10819072A0968296EB24EF25ED806AAF3A0FB44744F904136DB5D43B94DF3DE051CF18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                    			E00007FF77FF727FFC2A0(void* __ebx, void* __edx, void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    				intOrPtr _t90;
                                                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                                                    				signed long long _t94;
                                                                                                                                                                                                    				intOrPtr _t97;
                                                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                    				long long _t110;
                                                                                                                                                                                                    				long long* _t113;
                                                                                                                                                                                                    				long long* _t114;
                                                                                                                                                                                                    				intOrPtr _t123;
                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                    				signed long long _t129;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				intOrPtr* _t134;
                                                                                                                                                                                                    				void* _t137;
                                                                                                                                                                                                    				intOrPtr* _t140;
                                                                                                                                                                                                    				void* _t142;
                                                                                                                                                                                                    				void* _t143;
                                                                                                                                                                                                    				signed long long _t145;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				intOrPtr* _t150;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r9;
                                                                                                                                                                                                    				_t140 = __r8;
                                                                                                                                                                                                    				_t136 = __rbp;
                                                                                                                                                                                                    				_t61 = __ebp;
                                                                                                                                                                                                    				_t143 = _t137;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t150 = __r8;
                                                                                                                                                                                                    				_t134 = __rdx;
                                                                                                                                                                                                    				_t110 = __rcx;
                                                                                                                                                                                                    				_t113 = _t143 - 0x38;
                                                                                                                                                                                                    				 *_t113 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t113 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t114 = _t143 - 0x48;
                                                                                                                                                                                                    				 *_t114 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t89 =  *((intOrPtr*)(_t143 - 0x38));
                                                                                                                                                                                                    				if (_t89 == 0) goto 0x27ffc301;
                                                                                                                                                                                                    				if (_t89 ==  *((intOrPtr*)(_t143 - 0x48))) goto 0x27ffc306;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t90 = _v64;
                                                                                                                                                                                                    				_t123 = _v48;
                                                                                                                                                                                                    				if (_t90 - _t123 > 0) goto 0x27ffc31a;
                                                                                                                                                                                                    				goto 0x27ffc31d;
                                                                                                                                                                                                    				_t125 = _t123 - _t90 - _t90;
                                                                                                                                                                                                    				_t129 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t129 - _t125 > 0) goto 0x27ffc35a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t125) goto 0x27ffc35a;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF77FF727FF24C0(__rcx, __rcx, _t125, __rdx, __rbp, _t145, _t152, _t149) == 0) goto 0x27ffc35a;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t129;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0x27ffc34c;
                                                                                                                                                                                                    				goto 0x27ffc350;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t110 + 8 + _t129 * 2)) = r12w;
                                                                                                                                                                                                    				goto 0x27ffc35d;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t93 =  *_t134;
                                                                                                                                                                                                    				if (_t93 == 0) goto 0x27ffc374;
                                                                                                                                                                                                    				if (_t93 ==  *_t150) goto 0x27ffc379;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t94 =  *((intOrPtr*)(_t150 + 8));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t134 + 8)) == _t94) goto 0x27ffc46e;
                                                                                                                                                                                                    				E00007FF77FF727FFBBB0(_t61, _t110, _t134, _t134, _t136);
                                                                                                                                                                                                    				r13d =  *_t94 & 0x0000ffff;
                                                                                                                                                                                                    				if ((_t94 | 0xffffffff) -  *(_t110 + 0x18) - 1 > 0) goto 0x27ffc3a6;
                                                                                                                                                                                                    				E00007FF77FF7280033CC((_t94 | 0xffffffff) -  *(_t110 + 0x18), _t110, _t129, _t136, _t140, _t142);
                                                                                                                                                                                                    				_t131 =  *(_t110 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t131 - 0xfffffffe <= 0) goto 0x27ffc3b7;
                                                                                                                                                                                                    				_t55 = E00007FF77FF7280033CC((_t94 | 0xffffffff) -  *(_t110 + 0x18), _t110, _t131, _t136, _t140, _t142);
                                                                                                                                                                                                    				_t97 =  *((intOrPtr*)(_t110 + 0x20));
                                                                                                                                                                                                    				if (_t97 - _t131 >= 0) goto 0x27ffc3d1;
                                                                                                                                                                                                    				E00007FF77FF727FF26D0(_t55, _t110, _t131,  *(_t110 + 0x18), _t147, _t145);
                                                                                                                                                                                                    				goto 0x27ffc3f0;
                                                                                                                                                                                                    				if (_t131 != 0) goto 0x27ffc3f0;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t145;
                                                                                                                                                                                                    				if (_t97 - 8 < 0) goto 0x27ffc3e6;
                                                                                                                                                                                                    				goto 0x27ffc3ea;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t110 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0x27ffc428;
                                                                                                                                                                                                    				if (_t131 == 0) goto 0x27ffc428;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0x27ffc409;
                                                                                                                                                                                                    				goto 0x27ffc410;
                                                                                                                                                                                                    				_t101 = _t110 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t101 +  *(_t110 + 0x18) * 2)) = r13w;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t131;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0x27ffc423;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t101 + _t131 * 2)) = r12w;
                                                                                                                                                                                                    				if ( *_t134 != 0) goto 0x27ffc442;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t104 =  *_t134;
                                                                                                                                                                                                    				if (_t104 != 0) goto 0x27ffc442;
                                                                                                                                                                                                    				goto 0x27ffc445;
                                                                                                                                                                                                    				if (_t104 == 0) goto 0x27ffc44f;
                                                                                                                                                                                                    				goto 0x27ffc452;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t134 + 8)) -  *((intOrPtr*)(_t145 + 0x38)) +  *((intOrPtr*)( *_t104 + 0x30)) < 0) goto 0x27ffc465;
                                                                                                                                                                                                    				_t58 = E00007FF77FF7280044B8();
                                                                                                                                                                                                    				 *((long long*)(_t134 + 8)) =  *((long long*)(_t134 + 8)) + 1;
                                                                                                                                                                                                    				goto 0x27ffc367;
                                                                                                                                                                                                    				return _t58;
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 5c141b8904f02e943c942c556673060c55fd9cceccc76b955d807c772474a688
                                                                                                                                                                                                    • Instruction ID: 09b168e1b0eb3f27a4e3fe2c7013463cb053f21248b335a35497af85688aa06e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c141b8904f02e943c942c556673060c55fd9cceccc76b955d807c772474a688
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50519F2260EB5180EB24AF15DA4403CA365FB06FE4B944636CE6D077E4DF39E983D761
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF77FF72802A770(void* __ebx, signed int __ecx, void* __edx, void* __edi, long long __rcx, void* __r8, void* __r9, long long _a40, intOrPtr _a48, void* _a56, void* _a64) {
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				intOrPtr _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				signed int _v112;
                                                                                                                                                                                                    				short _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				char _v184;
                                                                                                                                                                                                    				long long _v192;
                                                                                                                                                                                                    				long long _v200;
                                                                                                                                                                                                    				long long _v208;
                                                                                                                                                                                                    				long long _v216;
                                                                                                                                                                                                    				signed char _v232;
                                                                                                                                                                                                    				intOrPtr _v248;
                                                                                                                                                                                                    				long long _v256;
                                                                                                                                                                                                    				void* _v264;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				signed long long _t92;
                                                                                                                                                                                                    				long long _t105;
                                                                                                                                                                                                    				long long _t106;
                                                                                                                                                                                                    				short _t111;
                                                                                                                                                                                                    				short _t112;
                                                                                                                                                                                                    				long long _t130;
                                                                                                                                                                                                    				long long _t132;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				signed int _t134;
                                                                                                                                                                                                    				signed long long _t138;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r9;
                                                                                                                                                                                                    				_t72 = __edi;
                                                                                                                                                                                                    				_t69 = __ecx;
                                                                                                                                                                                                    				_v168 = 0xfffffffe;
                                                                                                                                                                                                    				_t92 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v56 = _t92 ^  &_v264;
                                                                                                                                                                                                    				_t73 = __edx;
                                                                                                                                                                                                    				_t106 = __rcx;
                                                                                                                                                                                                    				if (r8d -  *((intOrPtr*)(__rcx + 0x318)) < 0) goto 0x2802a9e5;
                                                                                                                                                                                                    				r9d =  *(__rcx + 0x2c);
                                                                                                                                                                                                    				_v248 = _a48;
                                                                                                                                                                                                    				_v256 = _a40;
                                                                                                                                                                                                    				_v264 = __r9;
                                                                                                                                                                                                    				E00007FF77FF72802A270(__ebx, __ecx, __rcx,  &_v96, _t134, __r8, __r9);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t134;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				E00007FF77FF727FF79A0();
                                                                                                                                                                                                    				_t111 = _v128;
                                                                                                                                                                                                    				_t145 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				_t138 = _v112;
                                                                                                                                                                                                    				_t130 = ( >=  ? _t111 :  &_v128) + _t138 * 2;
                                                                                                                                                                                                    				if (_t130 == 0) goto 0x2802a87d;
                                                                                                                                                                                                    				_t95 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				_t79 = ( >=  ? _t111 :  &_v128) - _t130;
                                                                                                                                                                                                    				if (( >=  ? _t111 :  &_v128) - _t130 > 0) goto 0x2802a87d;
                                                                                                                                                                                                    				_t97 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				if (_t130 - ( >=  ? _t111 :  &_v128) + _t138 * 2 <= 0) goto 0x2802a89a;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t112 = _v128;
                                                                                                                                                                                                    				_v216 =  &_v136;
                                                                                                                                                                                                    				_v208 = _t130;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x2802a8bc;
                                                                                                                                                                                                    				if (_t112 == 0) goto 0x2802a8f2;
                                                                                                                                                                                                    				goto 0x2802a8c4;
                                                                                                                                                                                                    				_t132 =  &_v128;
                                                                                                                                                                                                    				_t101 =  >=  ? _t112 :  &_v128;
                                                                                                                                                                                                    				_t85 = ( >=  ? _t112 :  &_v128) - _t132;
                                                                                                                                                                                                    				if (( >=  ? _t112 :  &_v128) - _t132 > 0) goto 0x2802a8f2;
                                                                                                                                                                                                    				_t103 =  >=  ? _t112 :  &_v128;
                                                                                                                                                                                                    				if (_t132 - ( >=  ? _t112 :  &_v128) + _v112 * 2 <= 0) goto 0x2802a8f7;
                                                                                                                                                                                                    				E00007FF77FF7280044B8();
                                                                                                                                                                                                    				_t105 =  &_v136;
                                                                                                                                                                                                    				_v200 = _t105;
                                                                                                                                                                                                    				_v192 = _t132;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x90], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				r9d = _v232 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF727FFCD30( &_v96,  &_v184,  &_v152);
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				E00007FF77FF727FF47C0(_t106,  &_v96, L"\r\n", _t132, _t133, _t134,  &_v152);
                                                                                                                                                                                                    				_v216 = _t106;
                                                                                                                                                                                                    				EnterCriticalSection(??);
                                                                                                                                                                                                    				E00007FF77FF728029FC0(_t73, _t106, _t106, _t133);
                                                                                                                                                                                                    				if (_t105 == 0xffffffff) goto 0x2802a98f;
                                                                                                                                                                                                    				E00007FF77FF72802A560(__ebx, _t69, _t72, _t106, _t106, _t105, _t134,  &_v96, _t142);
                                                                                                                                                                                                    				LeaveCriticalSection(??);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0x2802a9b1;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t105, _t106, _v128, _t105, _t133,  &_v96, _t142);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t134;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0x2802a9e5;
                                                                                                                                                                                                    				E00007FF77FF7280044D8(_t105, _t106, _v88, _t105, _t133,  &_v96, _t142);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_t69, _v56 ^  &_v264, _t105,  &_v96, _t142);
                                                                                                                                                                                                    			}






































                                                                                                                                                                                                    0x7ff72802a84d
                                                                                                                                                                                                    0x7ff72802a85b
                                                                                                                                                                                                    0x7ff72802a85f
                                                                                                                                                                                                    0x7ff72802a862
                                                                                                                                                                                                    0x7ff72802a870
                                                                                                                                                                                                    0x7ff72802a87b
                                                                                                                                                                                                    0x7ff72802a87d
                                                                                                                                                                                                    0x7ff72802a892
                                                                                                                                                                                                    0x7ff72802a8a2
                                                                                                                                                                                                    0x7ff72802a8a7
                                                                                                                                                                                                    0x7ff72802a8b0
                                                                                                                                                                                                    0x7ff72802a8b8
                                                                                                                                                                                                    0x7ff72802a8ba
                                                                                                                                                                                                    0x7ff72802a8bc
                                                                                                                                                                                                    0x7ff72802a8d0
                                                                                                                                                                                                    0x7ff72802a8d4
                                                                                                                                                                                                    0x7ff72802a8d7
                                                                                                                                                                                                    0x7ff72802a8e5
                                                                                                                                                                                                    0x7ff72802a8f0
                                                                                                                                                                                                    0x7ff72802a8f2
                                                                                                                                                                                                    0x7ff72802a8f7
                                                                                                                                                                                                    0x7ff72802a8ff
                                                                                                                                                                                                    0x7ff72802a904
                                                                                                                                                                                                    0x7ff72802a909
                                                                                                                                                                                                    0x7ff72802a90e
                                                                                                                                                                                                    0x7ff72802a917
                                                                                                                                                                                                    0x7ff72802a91c
                                                                                                                                                                                                    0x7ff72802a922
                                                                                                                                                                                                    0x7ff72802a93d
                                                                                                                                                                                                    0x7ff72802a942
                                                                                                                                                                                                    0x7ff72802a957
                                                                                                                                                                                                    0x7ff72802a95c
                                                                                                                                                                                                    0x7ff72802a964
                                                                                                                                                                                                    0x7ff72802a970
                                                                                                                                                                                                    0x7ff72802a979
                                                                                                                                                                                                    0x7ff72802a989
                                                                                                                                                                                                    0x7ff72802a992
                                                                                                                                                                                                    0x7ff72802a9a2
                                                                                                                                                                                                    0x7ff72802a9ac
                                                                                                                                                                                                    0x7ff72802a9b1
                                                                                                                                                                                                    0x7ff72802a9bd
                                                                                                                                                                                                    0x7ff72802a9c5
                                                                                                                                                                                                    0x7ff72802a9d6
                                                                                                                                                                                                    0x7ff72802a9e0
                                                                                                                                                                                                    0x7ff72802aa00

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf$CriticalSection_invalid_parameter_noinfo$CurrentEnterLeaveSystemThreadTime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1744438772-0
                                                                                                                                                                                                    • Opcode ID: e23f237a98b1d8089097f5cf546f0080097a3824f3602463ab54cee6507bbf80
                                                                                                                                                                                                    • Instruction ID: e5a76dde693be461ea26f33d7dade4f2fe67690543facb7dd79cfbed1e8267ff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e23f237a98b1d8089097f5cf546f0080097a3824f3602463ab54cee6507bbf80
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63512A2260DBC295EA70AB15EC407AAF361FB85794F804232DADD43A98DF7CD489CF14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                                                                    			E00007FF77FF728009250(long long __rcx, long long __rdx, long long __r8, intOrPtr _a8, void* _a16, intOrPtr _a24, intOrPtr _a32) {
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				intOrPtr _v68;
                                                                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                    				void* _t69;
                                                                                                                                                                                                    				long long _t80;
                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				intOrPtr _t100;
                                                                                                                                                                                                    				long long _t112;
                                                                                                                                                                                                    				long long _t115;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				signed long long _t123;
                                                                                                                                                                                                    				long long _t128;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t80 = _t115;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t80 + 0x20)) = r9d;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 0x18)) = __r8;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 0x10)) = __rdx;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 8)) = __rcx;
                                                                                                                                                                                                    				r13d = r9d;
                                                                                                                                                                                                    				_t112 = __r8;
                                                                                                                                                                                                    				_t128 = __rcx;
                                                                                                                                                                                                    				_t66 = E00007FF77FF728012550(__rcx, __rdx, __r8);
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t80);
                                                                                                                                                                                                    				_v64 = _t80;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t65, _t69, _t80);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t80 + 0x100)) =  *((intOrPtr*)(_t80 + 0x100)) + 1;
                                                                                                                                                                                                    				if (_t66 == 0xffffffff) goto 0x2800939b;
                                                                                                                                                                                                    				if (_t66 - r13d <= 0) goto 0x2800939b;
                                                                                                                                                                                                    				if (_t66 - 0xffffffff <= 0) goto 0x280092b9;
                                                                                                                                                                                                    				if (_t66 -  *((intOrPtr*)(_t112 + 4)) < 0) goto 0x280092be;
                                                                                                                                                                                                    				E00007FF77FF728010148(_t80);
                                                                                                                                                                                                    				_t123 = _t66;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t80);
                                                                                                                                                                                                    				_t81 = _t80 + _t123 * 8;
                                                                                                                                                                                                    				_t67 =  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t81));
                                                                                                                                                                                                    				_v72 = _t67;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t81);
                                                                                                                                                                                                    				_t82 = _t81 + _t123 * 8;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t82 + 4)) == 0) goto 0x2800930a;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t82);
                                                                                                                                                                                                    				_t83 = _t82 + _t123 * 8;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t83);
                                                                                                                                                                                                    				_t84 = _t83 +  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t83 + 4));
                                                                                                                                                                                                    				goto 0x2800930c;
                                                                                                                                                                                                    				if (_t84 == 0) goto 0x2800936d;
                                                                                                                                                                                                    				r9d = _t67;
                                                                                                                                                                                                    				E00007FF77FF728012578(0, _t128, _t112);
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t84);
                                                                                                                                                                                                    				_t100 =  *((intOrPtr*)(_t112 + 8));
                                                                                                                                                                                                    				_t85 = _t84 + _t123 * 8;
                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)(_t100 + _t85 + 4));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t100 + _t85 + 4)) == 0) goto 0x28009352;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t85);
                                                                                                                                                                                                    				_t86 = _t85 + _t123 * 8;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t86);
                                                                                                                                                                                                    				_t87 = _t86 +  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t86 + 4));
                                                                                                                                                                                                    				goto 0x28009354;
                                                                                                                                                                                                    				r8d = 0x103;
                                                                                                                                                                                                    				E00007FF77FF72802C050(_t87, _t128, _t121);
                                                                                                                                                                                                    				E00007FF77FF728007318(_t87, _t80);
                                                                                                                                                                                                    				r13d = _a32;
                                                                                                                                                                                                    				_t68 = _v72;
                                                                                                                                                                                                    				_v68 = _t68;
                                                                                                                                                                                                    				goto 0x2800929d;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t65, _t76, _t87);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t87 + 0x100)) <= 0) goto 0x280093b4;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t65,  *((intOrPtr*)(_t87 + 0x100)), _t87);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t87 + 0x100)) =  *((intOrPtr*)(_t87 + 0x100)) - 1;
                                                                                                                                                                                                    				if (_t68 == 0xffffffff) goto 0x280093c3;
                                                                                                                                                                                                    				if (_t68 - r13d <= 0) goto 0x280093c3;
                                                                                                                                                                                                    				_t63 = E00007FF77FF728010148(_t87);
                                                                                                                                                                                                    				r9d = _t68;
                                                                                                                                                                                                    				return E00007FF77FF728012578(_t63, _a8, _a24);
                                                                                                                                                                                                    			}



























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$BaseImage
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2482573191-0
                                                                                                                                                                                                    • Opcode ID: 5665795fcf005ae9679d0fd918da8335e09ef8a53e3ab91a4d23fb740d9e4aa0
                                                                                                                                                                                                    • Instruction ID: 34c612fb6666cddec588499f3c445cc110e92a52fe30788ad91550e946ee8ddf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5665795fcf005ae9679d0fd918da8335e09ef8a53e3ab91a4d23fb740d9e4aa0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE417722E0860281EA30B755DC815BDE690EF95B95FC58133DA6D437E2DE3EE4418F18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                    			E00007FF77FF728008214(void* __edi, void* __esi, long long __rcx, void* __rsi) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				intOrPtr* _t30;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__rcx == 0) goto 0x280082ba;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                                                                    				if (_t15 == 0) goto 0x28008255;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t15 != 0) goto 0x28008255;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) == 0x28040bb0) goto 0x28008255;
                                                                                                                                                                                                    				free(_t23);
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				if ( *((long long*)(__rcx)) == 0) goto 0x280082a1;
                                                                                                                                                                                                    				E00007FF77FF72800FF60();
                                                                                                                                                                                                    				E00007FF77FF72800809C(_t4,  *((intOrPtr*)(__rcx)), _t36);
                                                                                                                                                                                                    				_t30 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if (_t30 == 0) goto 0x28008297;
                                                                                                                                                                                                    				if ( *_t30 != 0) goto 0x28008297;
                                                                                                                                                                                                    				if (_t30 == 0x28040a30) goto 0x28008297;
                                                                                                                                                                                                    				E00007FF77FF728007E88(__rcx, _t30, __rsi, _t36);
                                                                                                                                                                                                    				E00007FF77FF72800FE60();
                                                                                                                                                                                                    				 *((long long*)(__rcx)) = 0x28040a30;
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) = 0x28040a30;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return 0xbaadf00d;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    0x7ff7280082b0
                                                                                                                                                                                                    0x7ff7280082ba

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lockfree$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3188102813-0
                                                                                                                                                                                                    • Opcode ID: 4d6a6f156befe5a0da9afee2539e0a2b99425bf6e00ddd8f4db7cbe1f4866d2c
                                                                                                                                                                                                    • Instruction ID: 6bb911c171603db517916eff440efdf64bd487940e0ba44a4c782d040fd6d647
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d6a6f156befe5a0da9afee2539e0a2b99425bf6e00ddd8f4db7cbe1f4866d2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40115E21A0B94685FF74BBB0CC21778E390EF85B05F844537D62E466C6CE2EA8408B3D
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FlsFree.KERNEL32(?,?,?,?,00007FF72800BB51,?,?,00000000,00007FF728004727), ref: 00007FF72800B7EB
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF72800BB51), ref: 00007FF72800FE12
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF72800FE1B
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF72800BB51), ref: 00007FF72800FE3B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalDeleteSection$Freefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1250194111-0
                                                                                                                                                                                                    • Opcode ID: 6873f9bc57506945de8e1b5125113889f3f65db8f6cd79cb80fb404202243c4b
                                                                                                                                                                                                    • Instruction ID: 8ea6ce010a045f0b55aeb979594c638e0bfa40e4c34459aeb9877e23bd86da64
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6873f9bc57506945de8e1b5125113889f3f65db8f6cd79cb80fb404202243c4b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09118631E09A8686EA74AB11ED44138F3A0FF45B50F984536D66D06AD6CF3DE4918F28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF77FF728005F64(void* __edi, intOrPtr* __rax, long long __rbx, signed int __rcx, long long _a8) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t39 = __rcx;
                                                                                                                                                                                                    				_t35 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t37 = __rcx;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0x28005f9c;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				_v24 = _v24 & __rcx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rcx, __rcx, _t43, _t44, _t45, _t49);
                                                                                                                                                                                                    				goto 0x28005fe2;
                                                                                                                                                                                                    				if (( *(_t39 + 0x18) & 0x00000083) == 0) goto 0x28005fdc;
                                                                                                                                                                                                    				_t16 = E00007FF77FF728006BCC(_t37, _t39, _t44);
                                                                                                                                                                                                    				E00007FF77FF728011B24(__rax, _t37);
                                                                                                                                                                                                    				if (E00007FF77FF728011A0C(_t21, E00007FF77FF728010EB8(__rax, _t37, _t37, _t43, _t44, _t45, _t49), _t29, _t35, _t37, _t37, _t43, _t44, _t45, _t49) >= 0) goto 0x28005fc9;
                                                                                                                                                                                                    				goto 0x28005fdc;
                                                                                                                                                                                                    				if ( *(_t37 + 0x28) == 0) goto 0x28005fdc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t37 + 0x28) =  *(_t37 + 0x28) & 0x00000000;
                                                                                                                                                                                                    				 *(_t37 + 0x18) =  *(_t37 + 0x18) & 0x00000000;
                                                                                                                                                                                                    				return _t16 | 0xffffffff;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointer_errno_flush_freebuf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1889905870-0
                                                                                                                                                                                                    • Opcode ID: e85fca2b21714c02f18f57603225243ab33633c5b8a898005f5a6ec10b8aea6d
                                                                                                                                                                                                    • Instruction ID: c8a44807bc2f950b4a02dc82dcd107fa29aaf4682db862864d9e01e4bd5734df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e85fca2b21714c02f18f57603225243ab33633c5b8a898005f5a6ec10b8aea6d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6201D222E1864202FB34BB759C1133CE151DF84768FA91332E93D462D6DE3EE8008A2C
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF77FF7280158B8(signed int __ecx, void* __edx, signed int* __rax, void* __rbx, void* __rsi, void* __rbp, void* __r8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				intOrPtr _t28;
                                                                                                                                                                                                    				signed int* _t29;
                                                                                                                                                                                                    				signed long long _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__ecx != 0xfffffffe) goto 0x280158d6;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(__rax);
                                                                                                                                                                                                    				 *__rax =  *__rax & 0x00000000;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0x28015933;
                                                                                                                                                                                                    				if (__ecx < 0) goto 0x2801590b;
                                                                                                                                                                                                    				if (__ecx -  *0x280489c0 >= 0) goto 0x2801590b;
                                                                                                                                                                                                    				_t34 = __ecx * 0x58;
                                                                                                                                                                                                    				_t28 =  *((intOrPtr*)(0x280489e0 + (__ecx >> 5) * 8));
                                                                                                                                                                                                    				if (( *(_t28 + _t34 + 8) & 0x00000001) == 0) goto 0x2801590b;
                                                                                                                                                                                                    				_t29 =  *((intOrPtr*)(_t28 + _t34));
                                                                                                                                                                                                    				goto 0x28015937;
                                                                                                                                                                                                    				E00007FF77FF7280078CC(_t29);
                                                                                                                                                                                                    				 *_t29 =  *_t29 & 0x00000000;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t29);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t29 = 9;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t29, __rbx, 0x280489e0, _t34, __rsi, __rbp, __r8);
                                                                                                                                                                                                    			}








                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 42309f2acd20e35207d32cf45d5d8bb19fd6256df55cf22ec14333df7ab8f0c2
                                                                                                                                                                                                    • Instruction ID: 73cbc9d766e7ce4c7b12867ce3b8e364b172bf0f988005eef54031461e94c1d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42309f2acd20e35207d32cf45d5d8bb19fd6256df55cf22ec14333df7ab8f0c2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34018C72E19A4681FA257B248C5137CE651EF90735FD49337D92E0A2D1CF3E64008E3A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                    			E00007FF77FF727FF40C0(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t3;
                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t11 =  *__rcx;
                                                                                                                                                                                                    				if (_t11 == 0) goto 0x27ff40fc;
                                                                                                                                                                                                    				if (_t11 == 0xffffffff) goto 0x27ff40fc;
                                                                                                                                                                                                    				if (CloseHandle(??) != 0) goto 0x27ff40fc;
                                                                                                                                                                                                    				r9d = 0x1dd;
                                                                                                                                                                                                    				return E00007FF77FF72802AB00(_t3, _t4, _t5, _t9, "CloseHandle(handle_to_manage)", "void __cdecl boost::detail::win32::handle_manager::cleanup(void)", _t14, _t15, "D:\\Libraries\\boost\\boost/thread/win32/thread_primitives.hpp", _t17);
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                    • String ID: CloseHandle(handle_to_manage)$D:\Libraries\boost\boost/thread/win32/thread_primitives.hpp$void __cdecl boost::detail::win32::handle_manager::cleanup(void)
                                                                                                                                                                                                    • API String ID: 2962429428-1328045786
                                                                                                                                                                                                    • Opcode ID: e94c27bac43ffa26f5226572da9408715b3b101fcc1e669ba66f1d71604591b2
                                                                                                                                                                                                    • Instruction ID: 9ca4b0868c8ce7ffdc58370d6ac9e2bbc1311fdb2443ba36a4ef65465ba60b61
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e94c27bac43ffa26f5226572da9408715b3b101fcc1e669ba66f1d71604591b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49E0E521E0E90291FA24B755FE51170A210FF21B74FC04332C83D561D2EE2DA2578B25
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                                                                    			E00007FF77FF72800A2C8(void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __rsi, long long __rbp, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                                                                                                                                                                    				signed int _v32;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                    				signed int* _v56;
                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				char _t86;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                                                                    				intOrPtr* _t109;
                                                                                                                                                                                                    				signed int* _t126;
                                                                                                                                                                                                    				long long _t128;
                                                                                                                                                                                                    				long long _t131;
                                                                                                                                                                                                    				long long* _t146;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t103 = __rax;
                                                                                                                                                                                                    				_t72 = __edi;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_t131 = __r9;
                                                                                                                                                                                                    				_t147 = __r8;
                                                                                                                                                                                                    				_t128 = __rdx;
                                                                                                                                                                                                    				_t109 = __rcx;
                                                                                                                                                                                                    				E00007FF77FF72800B93C(_t68, _t75, __rax);
                                                                                                                                                                                                    				_t126 = _a40;
                                                                                                                                                                                                    				r8d = 0x80000029;
                                                                                                                                                                                                    				r9d = 0x80000026;
                                                                                                                                                                                                    				r14d = 1;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t103 + 0x2c0)) != 0) goto 0x2800a351;
                                                                                                                                                                                                    				if ( *__rcx == 0xe06d7363) goto 0x2800a351;
                                                                                                                                                                                                    				if ( *__rcx != r8d) goto 0x2800a336;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0x2800a336;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0x2800a351;
                                                                                                                                                                                                    				if ( *__rcx == r9d) goto 0x2800a351;
                                                                                                                                                                                                    				if (( *_t126 & 0x1fffffff) - 0x19930522 < 0) goto 0x2800a351;
                                                                                                                                                                                                    				if ((_t126[9] & r14b) != 0) goto 0x2800a4d1;
                                                                                                                                                                                                    				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0x2800a3ef;
                                                                                                                                                                                                    				if (_t126[1] == 0) goto 0x2800a4d1;
                                                                                                                                                                                                    				_t86 = _a48;
                                                                                                                                                                                                    				if (_t86 != 0) goto 0x2800a4d1;
                                                                                                                                                                                                    				if (_t86 == 0) goto 0x2800a3b8;
                                                                                                                                                                                                    				if ( *__rcx != r9d) goto 0x2800a3b8;
                                                                                                                                                                                                    				_t50 = E00007FF77FF7280124BC(_t103, __rcx, _t126, __r9, __rdx, __r9,  *((intOrPtr*)(__r8 + 0xf8)));
                                                                                                                                                                                                    				if (_t50 - 0xffffffff < 0) goto 0x2800a39d;
                                                                                                                                                                                                    				if (_t50 - _t126[1] < 0) goto 0x2800a3a2;
                                                                                                                                                                                                    				E00007FF77FF728010148(_t103);
                                                                                                                                                                                                    				r9d = _t50;
                                                                                                                                                                                                    				_t52 = E00007FF77FF728009250(__rdx, _t131, _t126);
                                                                                                                                                                                                    				goto 0x2800a4d1;
                                                                                                                                                                                                    				if (_t52 == 0) goto 0x2800a3dc;
                                                                                                                                                                                                    				if ( *_t109 != r8d) goto 0x2800a3dc;
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(_t109 + 0x38));
                                                                                                                                                                                                    				if (_t73 - 0xffffffff < 0) goto 0x2800a3ce;
                                                                                                                                                                                                    				if (_t73 - _t126[1] < 0) goto 0x2800a3d3;
                                                                                                                                                                                                    				E00007FF77FF728010148(_t103);
                                                                                                                                                                                                    				r9d = _t73;
                                                                                                                                                                                                    				goto 0x2800a3a8;
                                                                                                                                                                                                    				E00007FF77FF728007350(_t72, _t109, _t128, _t131, _t128, _t126);
                                                                                                                                                                                                    				goto 0x2800a4d1;
                                                                                                                                                                                                    				if (_t126[3] != 0) goto 0x2800a423;
                                                                                                                                                                                                    				if (( *_t126 & 0x1fffffff) - 0x19930521 < 0) goto 0x2800a4d1;
                                                                                                                                                                                                    				if (_t126[8] == 0) goto 0x2800a418;
                                                                                                                                                                                                    				E00007FF77FF7280072E8(_t103);
                                                                                                                                                                                                    				goto 0x2800a41a;
                                                                                                                                                                                                    				if (_t103 + _t126[8] == 0) goto 0x2800a4d1;
                                                                                                                                                                                                    				if ( *_t109 != 0xe06d7363) goto 0x2800a498;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0x18)) - 3 < 0) goto 0x2800a498;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0x20)) - 0x19930522 <= 0) goto 0x2800a498;
                                                                                                                                                                                                    				_t105 =  *((intOrPtr*)(_t109 + 0x30));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t105 + 8)) == 0) goto 0x2800a456;
                                                                                                                                                                                                    				E00007FF77FF728007300(_t105);
                                                                                                                                                                                                    				_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x30)) + 8)) + _t105;
                                                                                                                                                                                                    				goto 0x2800a459;
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				if (_t146 == 0) goto 0x2800a498;
                                                                                                                                                                                                    				_v32 = _a64 & 0x000000ff;
                                                                                                                                                                                                    				_v40 = _a56;
                                                                                                                                                                                                    				_v48 = _a48;
                                                                                                                                                                                                    				_v56 = _t126;
                                                                                                                                                                                                    				 *_t146();
                                                                                                                                                                                                    				goto 0x2800a4d4;
                                                                                                                                                                                                    				_v32 = _a56;
                                                                                                                                                                                                    				_v40 = _a48;
                                                                                                                                                                                                    				_v48 = _a64;
                                                                                                                                                                                                    				_v56 = _t126;
                                                                                                                                                                                                    				E00007FF77FF728009D48(_t50,  *_t126 & 0x1fffffff, _t72, __ebp, _a56, _t109, _t109, _t128, _t147, _t131);
                                                                                                                                                                                                    				return r14d;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                    • API String ID: 3186804695-3733052814
                                                                                                                                                                                                    • Opcode ID: 98f21436721bd78c3725fa0ca854348773e5603e32f22c9a78c881d467c025b4
                                                                                                                                                                                                    • Instruction ID: fa45e0088a41a4e3e6e0073c69fc8904bea5f7ba9fe44ca27ee08cb22fca9d0f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98f21436721bd78c3725fa0ca854348773e5603e32f22c9a78c881d467c025b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F5170229086428AEA70AF269C4537DF690EB41B94F844136EE6D577C5CF3DE4A0CF29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF77FF728000850(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t35;
                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed long long _t62;
                                                                                                                                                                                                    				char* _t68;
                                                                                                                                                                                                    				char* _t69;
                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				long long _t74;
                                                                                                                                                                                                    				long long* _t76;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				signed long long _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t62 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t89 + 0xe0) = _t62 ^ _t89;
                                                                                                                                                                                                    				_t72 =  *((intOrPtr*)(__r9 + 0x20));
                                                                                                                                                                                                    				_t48 = _t72;
                                                                                                                                                                                                    				if (_t48 > 0) goto 0x28000891;
                                                                                                                                                                                                    				asm("inc ecx");
                                                                                                                                                                                                    				if (_t48 < 0) goto 0x28000891;
                                                                                                                                                                                                    				_t43 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				asm("movsd xmm1, [esp+0x158]");
                                                                                                                                                                                                    				r9d = 6;
                                                                                                                                                                                                    				r9d =  >  ? 0x24 : r9d;
                                                                                                                                                                                                    				_t84 = _t86;
                                                                                                                                                                                                    				_t73 = _t72 - r9d;
                                                                                                                                                                                                    				_t50 = (_t43 & 0x00003000) - 0x2000;
                                                                                                                                                                                                    				if (_t50 != 0) goto 0x28000969;
                                                                                                                                                                                                    				asm("movapd xmm0, xmm1");
                                                                                                                                                                                                    				asm("mulsd xmm0, [0x3480b]");
                                                                                                                                                                                                    				asm("ucomisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t50 != 0) goto 0x280008e1;
                                                                                                                                                                                                    				if (_t50 == 0) goto 0x28000969;
                                                                                                                                                                                                    				asm("xorpd xmm3, xmm3");
                                                                                                                                                                                                    				asm("movsd xmm4, [0x347e3]");
                                                                                                                                                                                                    				asm("comisd xmm3, xmm1");
                                                                                                                                                                                                    				if (_t50 <= 0) goto 0x280008fb;
                                                                                                                                                                                                    				asm("xorpd xmm1, xmm4");
                                                                                                                                                                                                    				goto 0x280008fd;
                                                                                                                                                                                                    				asm("movsd xmm0, [0x347c3]");
                                                                                                                                                                                                    				asm("movsd xmm2, [0x347b3]");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t50 < 0) goto 0x2800092a;
                                                                                                                                                                                                    				_t51 = _t86 - 0x1388;
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0x2800092a;
                                                                                                                                                                                                    				asm("divsd xmm1, xmm2");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0x28000913;
                                                                                                                                                                                                    				asm("comisd xmm1, xmm3");
                                                                                                                                                                                                    				if (_t51 <= 0) goto 0x28000961;
                                                                                                                                                                                                    				_t52 = _t73 - 0xa;
                                                                                                                                                                                                    				if (_t52 < 0) goto 0x28000961;
                                                                                                                                                                                                    				asm("movsd xmm0, [0x3477a]");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t52 < 0) goto 0x28000961;
                                                                                                                                                                                                    				if (_t84 - 0x1388 >= 0) goto 0x28000961;
                                                                                                                                                                                                    				_t74 = _t73 - 0xa;
                                                                                                                                                                                                    				asm("mulsd xmm1, xmm2");
                                                                                                                                                                                                    				if (_t74 - 0xa >= 0) goto 0x28000940;
                                                                                                                                                                                                    				if (0 == 0) goto 0x28000969;
                                                                                                                                                                                                    				asm("xorpd xmm1, xmm4");
                                                                                                                                                                                                    				_t76 = _t89 + 0x50;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x60)) = 0x25;
                                                                                                                                                                                                    				 *_t76 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t76 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ((_t43 & 0x00000020) == 0) goto 0x28000995;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x61)) = 0x2b;
                                                                                                                                                                                                    				_t68 = _t89 + 0x62;
                                                                                                                                                                                                    				if ((_t43 & 0x00000010) == 0) goto 0x280009a0;
                                                                                                                                                                                                    				 *_t68 = 0x23;
                                                                                                                                                                                                    				_t69 = _t68 + 1;
                                                                                                                                                                                                    				_t44 = _t43 & 0x00003000;
                                                                                                                                                                                                    				 *_t69 = 0x2e;
                                                                                                                                                                                                    				 *((char*)(_t69 + 1)) = 0x2a;
                                                                                                                                                                                                    				if (_t44 != 0x2000) goto 0x280009b9;
                                                                                                                                                                                                    				goto 0x280009da;
                                                                                                                                                                                                    				if (_t44 != 0x3000) goto 0x280009c5;
                                                                                                                                                                                                    				goto 0x280009da;
                                                                                                                                                                                                    				r8d = 0x65;
                                                                                                                                                                                                    				_t42 =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				 *((char*)(_t69 + 2)) =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				asm("movsd [esp+0x20], xmm1");
                                                                                                                                                                                                    				 *((char*)(_t69 + 3)) = 0;
                                                                                                                                                                                                    				_t35 = E00007FF77FF728004828(_t89 + 0x60, __r9);
                                                                                                                                                                                                    				_t94 = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x48)) = _t35;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x40)) = _t74;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x38)) = _t84 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x30)) = _t86 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x28)) = _t89 + 0x70;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x20)) =  *(_t89 + 0x150) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728000F40( *(_t89 + 0x150) & 0x000000ff, _t44 - 0x1000, _t74, __rcx, __rdx, _t89 + 0x50, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050( ==  ? r8d : 0x67,  *(_t89 + 0xe0) ^ _t89, __rdx, _t89 + 0x50, _t94);
                                                                                                                                                                                                    			}





















                                                                                                                                                                                                    0x7ff7280008ed
                                                                                                                                                                                                    0x7ff7280008f1
                                                                                                                                                                                                    0x7ff7280008f5
                                                                                                                                                                                                    0x7ff7280008f9
                                                                                                                                                                                                    0x7ff7280008fd
                                                                                                                                                                                                    0x7ff728000905
                                                                                                                                                                                                    0x7ff72800090d
                                                                                                                                                                                                    0x7ff728000911
                                                                                                                                                                                                    0x7ff728000913
                                                                                                                                                                                                    0x7ff72800091a
                                                                                                                                                                                                    0x7ff72800091c
                                                                                                                                                                                                    0x7ff728000924
                                                                                                                                                                                                    0x7ff728000928
                                                                                                                                                                                                    0x7ff72800092a
                                                                                                                                                                                                    0x7ff72800092e
                                                                                                                                                                                                    0x7ff728000930
                                                                                                                                                                                                    0x7ff728000934
                                                                                                                                                                                                    0x7ff728000936
                                                                                                                                                                                                    0x7ff728000940
                                                                                                                                                                                                    0x7ff728000944
                                                                                                                                                                                                    0x7ff72800094d
                                                                                                                                                                                                    0x7ff72800094f
                                                                                                                                                                                                    0x7ff728000957
                                                                                                                                                                                                    0x7ff72800095f
                                                                                                                                                                                                    0x7ff728000963
                                                                                                                                                                                                    0x7ff728000965
                                                                                                                                                                                                    0x7ff72800096c
                                                                                                                                                                                                    0x7ff728000971
                                                                                                                                                                                                    0x7ff728000976
                                                                                                                                                                                                    0x7ff72800097d
                                                                                                                                                                                                    0x7ff728000989
                                                                                                                                                                                                    0x7ff72800098b
                                                                                                                                                                                                    0x7ff728000990
                                                                                                                                                                                                    0x7ff728000998
                                                                                                                                                                                                    0x7ff72800099a
                                                                                                                                                                                                    0x7ff72800099d
                                                                                                                                                                                                    0x7ff7280009a0
                                                                                                                                                                                                    0x7ff7280009a6
                                                                                                                                                                                                    0x7ff7280009a9
                                                                                                                                                                                                    0x7ff7280009b3
                                                                                                                                                                                                    0x7ff7280009b7
                                                                                                                                                                                                    0x7ff7280009bf
                                                                                                                                                                                                    0x7ff7280009c3
                                                                                                                                                                                                    0x7ff7280009ca
                                                                                                                                                                                                    0x7ff7280009d6
                                                                                                                                                                                                    0x7ff7280009da
                                                                                                                                                                                                    0x7ff7280009e7
                                                                                                                                                                                                    0x7ff7280009f2
                                                                                                                                                                                                    0x7ff7280009f6
                                                                                                                                                                                                    0x7ff728000a00
                                                                                                                                                                                                    0x7ff728000a0e
                                                                                                                                                                                                    0x7ff728000a1b
                                                                                                                                                                                                    0x7ff728000a20
                                                                                                                                                                                                    0x7ff728000a25
                                                                                                                                                                                                    0x7ff728000a2a
                                                                                                                                                                                                    0x7ff728000a2f
                                                                                                                                                                                                    0x7ff728000a36
                                                                                                                                                                                                    0x7ff728000a5d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 4a7392d89f1e279d8a6d564c2a1305181f93ac8bdff9bcfff4d940475f5d063f
                                                                                                                                                                                                    • Instruction ID: b76233a8c31ea93de43dfde674f7bf53e3b0d890920ecfc542147e268355b58f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a7392d89f1e279d8a6d564c2a1305181f93ac8bdff9bcfff4d940475f5d063f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0513623A0DB8189F632AB24EC517AAE294EF52380F848233D99D137C1CF3EE0458B14
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF77FF728000A60(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t36;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				signed long long _t63;
                                                                                                                                                                                                    				char* _t69;
                                                                                                                                                                                                    				char* _t70;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				void* _t74;
                                                                                                                                                                                                    				long long _t75;
                                                                                                                                                                                                    				long long* _t77;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				signed long long _t90;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t63 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				 *(_t90 + 0xe0) = _t63 ^ _t90;
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(__r9 + 0x20));
                                                                                                                                                                                                    				_t49 = _t73;
                                                                                                                                                                                                    				if (_t49 > 0) goto 0x28000aa1;
                                                                                                                                                                                                    				asm("inc ecx");
                                                                                                                                                                                                    				if (_t49 < 0) goto 0x28000aa1;
                                                                                                                                                                                                    				_t44 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				asm("movsd xmm0, [esp+0x158]");
                                                                                                                                                                                                    				r9d = 6;
                                                                                                                                                                                                    				r9d =  >  ? 0x24 : r9d;
                                                                                                                                                                                                    				_t85 = _t87;
                                                                                                                                                                                                    				_t74 = _t73 - r9d;
                                                                                                                                                                                                    				_t51 = (_t44 & 0x00003000) - 0x2000;
                                                                                                                                                                                                    				if (_t51 != 0) goto 0x28000b69;
                                                                                                                                                                                                    				asm("xorpd xmm3, xmm3");
                                                                                                                                                                                                    				asm("movsd xmm4, [0x345eb]");
                                                                                                                                                                                                    				asm("comisd xmm3, xmm0");
                                                                                                                                                                                                    				if (_t51 <= 0) goto 0x28000af3;
                                                                                                                                                                                                    				asm("xorpd xmm0, xmm4");
                                                                                                                                                                                                    				goto 0x28000af5;
                                                                                                                                                                                                    				asm("movsd xmm1, [0x345cb]");
                                                                                                                                                                                                    				asm("movsd xmm2, [0x345bb]");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t51 < 0) goto 0x28000b27;
                                                                                                                                                                                                    				_t52 = _t87 - 0x1388;
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0x28000b27;
                                                                                                                                                                                                    				asm("divsd xmm0, xmm2");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0x28000b10;
                                                                                                                                                                                                    				asm("comisd xmm0, xmm3");
                                                                                                                                                                                                    				if (_t52 <= 0) goto 0x28000b61;
                                                                                                                                                                                                    				_t53 = _t74 - 0xa;
                                                                                                                                                                                                    				if (_t53 < 0) goto 0x28000b61;
                                                                                                                                                                                                    				asm("movsd xmm1, [0x3457d]");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t53 < 0) goto 0x28000b61;
                                                                                                                                                                                                    				if (_t85 - 0x1388 >= 0) goto 0x28000b61;
                                                                                                                                                                                                    				_t75 = _t74 - 0xa;
                                                                                                                                                                                                    				asm("mulsd xmm0, xmm2");
                                                                                                                                                                                                    				if (_t75 - 0xa >= 0) goto 0x28000b40;
                                                                                                                                                                                                    				if (0 == 0) goto 0x28000b69;
                                                                                                                                                                                                    				asm("xorpd xmm0, xmm4");
                                                                                                                                                                                                    				_t77 = _t90 + 0x50;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x60)) = 0x25;
                                                                                                                                                                                                    				 *_t77 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t77 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ((_t44 & 0x00000020) == 0) goto 0x28000b95;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x61)) = 0x2b;
                                                                                                                                                                                                    				_t69 = _t90 + 0x62;
                                                                                                                                                                                                    				if ((_t44 & 0x00000010) == 0) goto 0x28000ba0;
                                                                                                                                                                                                    				 *_t69 = 0x23;
                                                                                                                                                                                                    				_t70 = _t69 + 1;
                                                                                                                                                                                                    				 *_t70 = 0x2e;
                                                                                                                                                                                                    				_t45 = _t44 & 0x00003000;
                                                                                                                                                                                                    				 *((char*)(_t70 + 1)) = 0x2a;
                                                                                                                                                                                                    				 *((char*)(_t70 + 2)) = 0x4c;
                                                                                                                                                                                                    				if (_t45 != 0x2000) goto 0x28000bbd;
                                                                                                                                                                                                    				goto 0x28000bde;
                                                                                                                                                                                                    				if (_t45 != 0x3000) goto 0x28000bc9;
                                                                                                                                                                                                    				goto 0x28000bde;
                                                                                                                                                                                                    				r8d = 0x65;
                                                                                                                                                                                                    				_t43 =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				 *((char*)(_t70 + 3)) =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				asm("movsd [esp+0x20], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t70 + 4)) = 0;
                                                                                                                                                                                                    				_t36 = E00007FF77FF728004828(_t90 + 0x60, __r9);
                                                                                                                                                                                                    				_t95 = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x48)) = _t36;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x40)) = _t75;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x38)) = _t85 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x30)) = _t87 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x28)) = _t90 + 0x70;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x20)) =  *(_t90 + 0x150) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728000F40( *(_t90 + 0x150) & 0x000000ff, _t45 - 0x1000, _t75, __rcx, __rdx, _t90 + 0x50, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050( ==  ? r8d : 0x67,  *(_t90 + 0xe0) ^ _t90, __rdx, _t90 + 0x50, _t95);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: f56427867cc14d5ba6facdcfc3d5dd5fa3c1aaa7c4077d046ccc8f1ad1e565a5
                                                                                                                                                                                                    • Instruction ID: dbff2acca4dc121febc33933814da7237b150d8c05eb011f64a6225fcbaa2e9e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f56427867cc14d5ba6facdcfc3d5dd5fa3c1aaa7c4077d046ccc8f1ad1e565a5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34512622A0CB8189E771AB24EC507AAE795EB92784F948233DA5D177C1DF3ED045CF18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF77FF7280069E4(void* __ecx, void* __edx, long long __rbx, void* __rdx, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				signed long long _t41;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				void* _t56;
                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                    				signed long long _t62;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				if (( *(__rdx + 0x18) & 0x00000040) != 0) goto 0x28006a97;
                                                                                                                                                                                                    				_t62 = E00007FF77FF728010EB8(_t37, __rdx, __rdx, __rdx, _t55, _t56, _t60);
                                                                                                                                                                                                    				if (r11d == 0xffffffff) goto 0x28006a39;
                                                                                                                                                                                                    				if (r11d == 0xfffffffe) goto 0x28006a39;
                                                                                                                                                                                                    				goto 0x28006a3c;
                                                                                                                                                                                                    				if (( *0x7FF7280409D8 & 0x0000007f) != 0) goto 0x28006a69;
                                                                                                                                                                                                    				if (r11d == 0xffffffff) goto 0x28006a63;
                                                                                                                                                                                                    				if (r11d == 0xfffffffe) goto 0x28006a63;
                                                                                                                                                                                                    				_t41 = _t62 >> 5;
                                                                                                                                                                                                    				if (( *(_t62 * 0x58 +  *((intOrPtr*)(0x280489e0 + _t41 * 8)) + 0x38) & 0x00000080) == 0) goto 0x28006a97;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t41);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t41 = 0x16;
                                                                                                                                                                                                    				return E00007FF77FF728004430(_t41, __rdx, 0x280409a0, _t62 * 0x58 +  *((intOrPtr*)(0x280489e0 + _t41 * 8)), _t55, _t56, 0x280489e0) | 0xffffffff;
                                                                                                                                                                                                    			}











                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_getbuf
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 606515832-2766056989
                                                                                                                                                                                                    • Opcode ID: a4fa89e5b4d4656ba4716eb9c8b861f2449aaef3002945440b091910db96db11
                                                                                                                                                                                                    • Instruction ID: 73004a906a1e2fbfd9c14d6c5cb73ddf3993bc71742a11fca16bdea4b289568b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4fa89e5b4d4656ba4716eb9c8b861f2449aaef3002945440b091910db96db11
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1311C6290CB5240FB74BB68CC44335E691DB42B68F949237DA3D022D6CF7ED8518E68
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF77FF728006DD4(intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                    				signed long long _t31;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed long long _t60;
                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                    				signed long long _t72;
                                                                                                                                                                                                    				signed long long _t82;
                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t88 = __r8;
                                                                                                                                                                                                    				_t77 = __rdx;
                                                                                                                                                                                                    				_t66 = __rcx;
                                                                                                                                                                                                    				_t58 = __rax;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				_t64 = __rcx;
                                                                                                                                                                                                    				if ((0 | __rcx != 0x00000000) != 0) goto 0x28006e1b;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v24 = _v24 & _t82;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t28 = E00007FF77FF728004430(__rax, __rcx, __rcx, __rdx, _t83, _t84, __r8);
                                                                                                                                                                                                    				goto 0x28006eed;
                                                                                                                                                                                                    				E00007FF77FF72800B4D0(_t28 | 0xffffffff, _t66);
                                                                                                                                                                                                    				if (( *(_t64 + 0x18) & 0x00000040) != 0) goto 0x28006ec1;
                                                                                                                                                                                                    				_t31 = E00007FF77FF728010EB8(_t58, _t64, _t64, _t77, _t83, _t84, _t88);
                                                                                                                                                                                                    				if (_t31 == 0xffffffff) goto 0x28006e62;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffe) goto 0x28006e62;
                                                                                                                                                                                                    				goto 0x28006e73;
                                                                                                                                                                                                    				if (( *0x7FF7280409D8 & 0x0000007f) != 0) goto 0x28006e9e;
                                                                                                                                                                                                    				if (_t31 == 0xffffffff) goto 0x28006e98;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffe) goto 0x28006e98;
                                                                                                                                                                                                    				_t72 = _t31;
                                                                                                                                                                                                    				_t60 = _t72 >> 5;
                                                                                                                                                                                                    				if (( *(_t72 * 0x58 +  *((intOrPtr*)(0x280489e0 + _t60 * 8)) + 0x38) & 0x00000080) == 0) goto 0x28006ec1;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 0x16;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF77FF728004430(_t60, _t64, _t72 * 0x58 +  *((intOrPtr*)(0x280489e0 + _t60 * 8)), 0x280409a0, _t83, _t84, 0x280489e0);
                                                                                                                                                                                                    				if (0xffffffff != 0) goto 0x28006ee3;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t64 + 8)) =  *((intOrPtr*)(_t64 + 8)) + 0xffffffff;
                                                                                                                                                                                                    				if (0xffffffff < 0) goto 0x28006ed9;
                                                                                                                                                                                                    				 *_t64 =  *_t64 + 1;
                                                                                                                                                                                                    				goto 0x28006ee3;
                                                                                                                                                                                                    				_t34 = E00007FF77FF728010468( *_t64 + 1, _t64, _t64, 0x280409a0, _t83, _t84, 0x280489e0, _t91);
                                                                                                                                                                                                    				E00007FF77FF72800B560(_t34, _t64);
                                                                                                                                                                                                    				return _t34;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x7ff728006ea9
                                                                                                                                                                                                    0x7ff728006eaf
                                                                                                                                                                                                    0x7ff728006eb2
                                                                                                                                                                                                    0x7ff728006eb9
                                                                                                                                                                                                    0x7ff728006ec3
                                                                                                                                                                                                    0x7ff728006ec5
                                                                                                                                                                                                    0x7ff728006ec9
                                                                                                                                                                                                    0x7ff728006ed4
                                                                                                                                                                                                    0x7ff728006ed7
                                                                                                                                                                                                    0x7ff728006edc
                                                                                                                                                                                                    0x7ff728006ee6
                                                                                                                                                                                                    0x7ff728006ef7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 2310398763-2766056989
                                                                                                                                                                                                    • Opcode ID: 72ca26e853ff08c01ad7965e478854bad7cf710359f113a4bafd6f72de130865
                                                                                                                                                                                                    • Instruction ID: 32a2450099414579717df4a23c187ff34744e1c3397b926a6c2233bef19cf1ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72ca26e853ff08c01ad7965e478854bad7cf710359f113a4bafd6f72de130865
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5231F222A0878241EF74AB74DC51339E252EF82B64FD85637DA7D461D2CF3EE4008A28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00007FF77FF72801B5D4(intOrPtr* __rax, long long __rbx, char* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r8, void* __r9, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				char* _t40;
                                                                                                                                                                                                    				char* _t41;
                                                                                                                                                                                                    				char* _t42;
                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                    				char* _t46;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				char* _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t49 = __rdx;
                                                                                                                                                                                                    				_t46 = __rcx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t59 =  *((intOrPtr*)(__r9 + 0x10));
                                                                                                                                                                                                    				_t44 = __rcx;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0x2801b612;
                                                                                                                                                                                                    				E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF77FF728004430(__rax, __rcx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0x2801b6a2;
                                                                                                                                                                                                    				if (_t49 == 0) goto 0x2801b5ea;
                                                                                                                                                                                                    				 *_t46 = 0;
                                                                                                                                                                                                    				_t16 =  >  ? r8d : 0;
                                                                                                                                                                                                    				_t17 = ( >  ? r8d : 0) + 1;
                                                                                                                                                                                                    				if (_t49 - __rax > 0) goto 0x2801b638;
                                                                                                                                                                                                    				_t19 = E00007FF77FF7280078AC(__rax);
                                                                                                                                                                                                    				goto 0x2801b5f4;
                                                                                                                                                                                                    				 *_t46 = 0x30;
                                                                                                                                                                                                    				_t5 = _t46 + 1; // 0x1
                                                                                                                                                                                                    				_t40 = _t5;
                                                                                                                                                                                                    				goto 0x2801b65d;
                                                                                                                                                                                                    				if ( *_t59 == 0) goto 0x2801b650;
                                                                                                                                                                                                    				goto 0x2801b655;
                                                                                                                                                                                                    				 *_t40 = 0x30;
                                                                                                                                                                                                    				_t41 = _t40 + 1;
                                                                                                                                                                                                    				r8d = r8d - 1;
                                                                                                                                                                                                    				_t34 = r8d;
                                                                                                                                                                                                    				if (_t34 > 0) goto 0x2801b641;
                                                                                                                                                                                                    				 *_t41 = 0;
                                                                                                                                                                                                    				if (_t34 < 0) goto 0x2801b67c;
                                                                                                                                                                                                    				if ( *((char*)(_t59 + 1)) - 0x35 < 0) goto 0x2801b67c;
                                                                                                                                                                                                    				goto 0x2801b672;
                                                                                                                                                                                                    				 *_t41 = 0x30;
                                                                                                                                                                                                    				_t42 = _t41 - 1;
                                                                                                                                                                                                    				if ( *_t42 == 0x39) goto 0x2801b66f;
                                                                                                                                                                                                    				 *_t42 =  *_t42 + 1;
                                                                                                                                                                                                    				if ( *_t44 != 0x31) goto 0x2801b687;
                                                                                                                                                                                                    				 *((intOrPtr*)(__r9 + 4)) =  *((intOrPtr*)(__r9 + 4)) + 1;
                                                                                                                                                                                                    				goto 0x2801b6a0;
                                                                                                                                                                                                    				_t8 = _t44 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF77FF7280070C0(_t19, _t8);
                                                                                                                                                                                                    				_t9 = _t44 + 1; // 0x1
                                                                                                                                                                                                    				_t10 = _t42 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF77FF72800AE90(0x30,  *_t44 - 0x31, _t44, _t9, _t10);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID: 1
                                                                                                                                                                                                    • API String ID: 2918714741-2212294583
                                                                                                                                                                                                    • Opcode ID: 9de920149e30724e33a27b75c9f7a44d4c9aef464fb0973900e33d5a7901a343
                                                                                                                                                                                                    • Instruction ID: 8948b555c2dafec95a5a6f0107815828afe48d017f30710b543c1d00808728b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9de920149e30724e33a27b75c9f7a44d4c9aef464fb0973900e33d5a7901a343
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA219452A1D2C185F736AB2C8C24379EA90DF55754FD89032C64D066E2EF1FA5008F29
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF728000630(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t28;
                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				char* _t52;
                                                                                                                                                                                                    				char* _t53;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t47 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v40 = _t47 ^ _t68;
                                                                                                                                                                                                    				_t58 =  &_v136;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t34 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t34 & 0x00000020) == 0) goto 0x28000686;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t52 =  &_v118;
                                                                                                                                                                                                    				if ((_t34 & 0x00000008) == 0) goto 0x28000691;
                                                                                                                                                                                                    				 *_t52 = 0x23;
                                                                                                                                                                                                    				_t53 = _t52 + 1;
                                                                                                                                                                                                    				 *_t53 = 0x49;
                                                                                                                                                                                                    				 *((char*)(_t53 + 1)) = 0x36;
                                                                                                                                                                                                    				_t32 = _t34 & 0x00000e00;
                                                                                                                                                                                                    				 *((char*)(_t53 + 2)) = 0x34;
                                                                                                                                                                                                    				if (_t32 != 0x400) goto 0x280006b0;
                                                                                                                                                                                                    				goto 0x280006c7;
                                                                                                                                                                                                    				if (_t32 == 0x800) goto 0x280006bc;
                                                                                                                                                                                                    				goto 0x280006c7;
                                                                                                                                                                                                    				 *((char*)(_t53 + 3)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t53 + 4)) = 0;
                                                                                                                                                                                                    				_t28 = E00007FF77FF728004828( &_v120, _a48);
                                                                                                                                                                                                    				_t74 = __r9;
                                                                                                                                                                                                    				_v152 = _t28;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728001B30(0x40, _t32 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_a40 & 0x000000ff, _v40 ^ _t68, __rdx,  &_v136, _t74);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 199c0298df90e3aed58233d8eadc2c7ef0cc3010c3b583627453f619fa6fd15e
                                                                                                                                                                                                    • Instruction ID: 46e2bd32bba5f1d73de4e18411942471ea96d4e03b349f34db27b29184cd1e94
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 199c0298df90e3aed58233d8eadc2c7ef0cc3010c3b583627453f619fa6fd15e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6531C05260CBC189E7219B14E8903AAFB91EB99B84F888036DB8C037D5CF7EC509CB15
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF728000740(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t28;
                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				char* _t52;
                                                                                                                                                                                                    				char* _t53;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t47 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v40 = _t47 ^ _t68;
                                                                                                                                                                                                    				_t58 =  &_v136;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t34 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t34 & 0x00000020) == 0) goto 0x28000796;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t52 =  &_v118;
                                                                                                                                                                                                    				if ((_t34 & 0x00000008) == 0) goto 0x280007a1;
                                                                                                                                                                                                    				 *_t52 = 0x23;
                                                                                                                                                                                                    				_t53 = _t52 + 1;
                                                                                                                                                                                                    				 *_t53 = 0x49;
                                                                                                                                                                                                    				 *((char*)(_t53 + 1)) = 0x36;
                                                                                                                                                                                                    				_t32 = _t34 & 0x00000e00;
                                                                                                                                                                                                    				 *((char*)(_t53 + 2)) = 0x34;
                                                                                                                                                                                                    				if (_t32 != 0x400) goto 0x280007c0;
                                                                                                                                                                                                    				goto 0x280007d7;
                                                                                                                                                                                                    				if (_t32 == 0x800) goto 0x280007cc;
                                                                                                                                                                                                    				goto 0x280007d7;
                                                                                                                                                                                                    				 *((char*)(_t53 + 3)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t53 + 4)) = 0;
                                                                                                                                                                                                    				_t28 = E00007FF77FF728004828( &_v120, _a48);
                                                                                                                                                                                                    				_t74 = __r9;
                                                                                                                                                                                                    				_v152 = _t28;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728001B30(0x40, _t32 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_a40 & 0x000000ff, _v40 ^ _t68, __rdx,  &_v136, _t74);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 3bca78181c14e379637e49068abc0e93dd171a5e81286bc63a8eb4f6a4bf3c7a
                                                                                                                                                                                                    • Instruction ID: 28b49b1366e07f36d0c238eb6bd466c20f3bcdf04e852eba38a910070020451c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3bca78181c14e379637e49068abc0e93dd171a5e81286bc63a8eb4f6a4bf3c7a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C831B11260C7C189E7619B15EC943AAF791EB99B84F988036DB8C03BC6DB7DC509CB15
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF728000430(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed long long _t45;
                                                                                                                                                                                                    				long long* _t53;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t45 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v40 = _t45 ^ _t66;
                                                                                                                                                                                                    				_t53 =  &_v136;
                                                                                                                                                                                                    				 *_t53 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t53 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t26 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t26 & 0x00000020) == 0) goto 0x28000485;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t61 =  &_v118;
                                                                                                                                                                                                    				if ((_t26 & 0x00000008) == 0) goto 0x2800048f;
                                                                                                                                                                                                    				 *_t61 = 0x23;
                                                                                                                                                                                                    				_t62 = _t61 + 1;
                                                                                                                                                                                                    				 *_t62 = 0x6c;
                                                                                                                                                                                                    				_t37 = _t26 & 0x00000e00;
                                                                                                                                                                                                    				if (_t37 != 0x400) goto 0x280004a6;
                                                                                                                                                                                                    				goto 0x280004bb;
                                                                                                                                                                                                    				if (_t37 == 0x800) goto 0x280004b2;
                                                                                                                                                                                                    				goto 0x280004bb;
                                                                                                                                                                                                    				r9d = _a48;
                                                                                                                                                                                                    				 *((char*)(_t62 + 1)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t62 + 2)) = 0;
                                                                                                                                                                                                    				_t33 = E00007FF77FF728004828( &_v120, __r9);
                                                                                                                                                                                                    				_t71 = __r9;
                                                                                                                                                                                                    				_v152 = _t33;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728001B30(0x40, _t37 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_a40 & 0x000000ff, _v40 ^ _t66, __rdx,  &_v136, _t71);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: d3730cdb89768898581950ed3844910f35159086da06fdda1a3db010544c9348
                                                                                                                                                                                                    • Instruction ID: 715a8940e069aee30a647fb606739df7bc9e4a5b05e082f8696f592a817a7d7c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3730cdb89768898581950ed3844910f35159086da06fdda1a3db010544c9348
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1721ADA3608BC085EB31DB14EC507AEF760EB99794F848036DA9C07B89DF6CD445CB65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF77FF728000530(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed long long _t45;
                                                                                                                                                                                                    				long long* _t53;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t45 =  *0x28040430; // 0x449f3b8ca6a
                                                                                                                                                                                                    				_v40 = _t45 ^ _t66;
                                                                                                                                                                                                    				_t53 =  &_v136;
                                                                                                                                                                                                    				 *_t53 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t53 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t26 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t26 & 0x00000020) == 0) goto 0x28000585;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t61 =  &_v118;
                                                                                                                                                                                                    				if ((_t26 & 0x00000008) == 0) goto 0x2800058f;
                                                                                                                                                                                                    				 *_t61 = 0x23;
                                                                                                                                                                                                    				_t62 = _t61 + 1;
                                                                                                                                                                                                    				 *_t62 = 0x6c;
                                                                                                                                                                                                    				_t37 = _t26 & 0x00000e00;
                                                                                                                                                                                                    				if (_t37 != 0x400) goto 0x280005a6;
                                                                                                                                                                                                    				goto 0x280005bb;
                                                                                                                                                                                                    				if (_t37 == 0x800) goto 0x280005b2;
                                                                                                                                                                                                    				goto 0x280005bb;
                                                                                                                                                                                                    				r9d = _a48;
                                                                                                                                                                                                    				 *((char*)(_t62 + 1)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t62 + 2)) = 0;
                                                                                                                                                                                                    				_t33 = E00007FF77FF728004828( &_v120, __r9);
                                                                                                                                                                                                    				_t71 = __r9;
                                                                                                                                                                                                    				_v152 = _t33;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF77FF728001B30(0x40, _t37 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF77FF728004050(_a40 & 0x000000ff, _v40 ^ _t66, __rdx,  &_v136, _t71);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 1df7e744390f40849ec1a5d9bdad50f2f4d21f9ca7a496e96129a9086ee3ae5b
                                                                                                                                                                                                    • Instruction ID: 2eb74353d04913c8875310b18395cabe4473bd7476e1043aa1f5d1c8cae69528
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1df7e744390f40849ec1a5d9bdad50f2f4d21f9ca7a496e96129a9086ee3ae5b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5021AD6260CBC085EB319B14EC507AAF760EB99784F948036DADC03B89DF6CD045CB65
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF77FF72802C547(void* __ecx, void* __rax, void* __rdx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    				intOrPtr* _t29;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rax;
                                                                                                                                                                                                    				_t18 = __ecx;
                                                                                                                                                                                                    				_t36 = __rdx;
                                                                                                                                                                                                    				E00007FF77FF72800771C(__rax, _t28,  *((intOrPtr*)(__rdx + 0x50)));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rdx + 0x20)) != 0) goto 0x2802c5a7;
                                                                                                                                                                                                    				_t29 =  *((intOrPtr*)(__rdx + 0xd8));
                                                                                                                                                                                                    				if ( *_t29 != 0xe06d7363) goto 0x2802c5a7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x18)) != 4) goto 0x2802c5a7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) == 0x19930520) goto 0x2802c590;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) == 0x19930521) goto 0x2802c590;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) != 0x19930522) goto 0x2802c5a7;
                                                                                                                                                                                                    				_t14 = E00007FF77FF7280076E8(__rax,  *((intOrPtr*)(_t29 + 0x28)));
                                                                                                                                                                                                    				_t26 = _t14;
                                                                                                                                                                                                    				if (_t14 == 0) goto 0x2802c5a7;
                                                                                                                                                                                                    				E00007FF77FF7280093E4(1, _t29);
                                                                                                                                                                                                    				E00007FF77FF72800B93C(__ecx, _t14, _t27);
                                                                                                                                                                                                    				 *((long long*)(_t27 + 0xf0)) =  *((intOrPtr*)(_t36 + 0xe0));
                                                                                                                                                                                                    				_t17 = E00007FF77FF72800B93C(_t18, _t26, _t27);
                                                                                                                                                                                                    				 *((long long*)(_t27 + 0xf8)) =  *((intOrPtr*)(_t36 + 0xe8));
                                                                                                                                                                                                    				return _t17;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 3186804695-1018135373
                                                                                                                                                                                                    • Opcode ID: 97aebfb5d78ca228d74b9f39178d7e69d976561db45659c44281a7df79628fe9
                                                                                                                                                                                                    • Instruction ID: 8d44893b6bdf85c488eb1c170413c88bcb1137d8a60f398dc86587ea90ba1556
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97aebfb5d78ca228d74b9f39178d7e69d976561db45659c44281a7df79628fe9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 460184629046428AEB30AF368C502BCA364EF68B49FC40137C90D0A6C9DF7AD5C0CB28
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF77FF7280131E8(void* __ecx, void* __ebp, signed int* __rbx, long long __rcx, signed int __rsi) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				signed int _t40;
                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                    				char _t44;
                                                                                                                                                                                                    				char _t45;
                                                                                                                                                                                                    				char _t46;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				signed int* _t75;
                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                    				signed int _t77;
                                                                                                                                                                                                    				signed int _t78;
                                                                                                                                                                                                    				signed int* _t80;
                                                                                                                                                                                                    				char* _t100;
                                                                                                                                                                                                    				char* _t101;
                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                    				long long _t105;
                                                                                                                                                                                                    				signed int _t107;
                                                                                                                                                                                                    				signed int* _t109;
                                                                                                                                                                                                    				signed int* _t111;
                                                                                                                                                                                                    				void* _t112;
                                                                                                                                                                                                    				char* _t115;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				void* _t120;
                                                                                                                                                                                                    				signed int* _t123;
                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                    				signed int* _t127;
                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                    				signed int* _t130;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t80 = __rbx;
                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                    				_t75 = _t111;
                                                                                                                                                                                                    				_t75[2] = __rbx;
                                                                                                                                                                                                    				_t75[4] = _t107;
                                                                                                                                                                                                    				_t75[6] = __rsi;
                                                                                                                                                                                                    				_t112 = _t111 - 0x40;
                                                                                                                                                                                                    				_t105 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t75 - 0x38)) = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t75 - 0x30)) = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x1c)) != 0) goto 0x2801322d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != 0) goto 0x2801322d;
                                                                                                                                                                                                    				goto 0x28013385;
                                                                                                                                                                                                    				_t8 = _t102 - 0x57; // 0x1
                                                                                                                                                                                                    				r12d = _t8;
                                                                                                                                                                                                    				E00007FF77FF72800A5E0(__rbx, _t118, _t102, _t102, __rcx, 0x280401a0, _t129, _t125);
                                                                                                                                                                                                    				_t109 = _t75;
                                                                                                                                                                                                    				if (_t75 != _t80) goto 0x28013251;
                                                                                                                                                                                                    				goto 0x280133d6;
                                                                                                                                                                                                    				E00007FF77FF72800AE90(_t52, _t75 - _t80, _t75,  *(_t105 + 0x128), _t102);
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t75, _t80, _t102, _t105, _t109);
                                                                                                                                                                                                    				_t127 = _t75;
                                                                                                                                                                                                    				if (_t75 != _t80) goto 0x28013282;
                                                                                                                                                                                                    				free(_t120);
                                                                                                                                                                                                    				goto 0x28013249;
                                                                                                                                                                                                    				 *_t75 = 0;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t105 + 0x1c)) == 0) goto 0x28013355;
                                                                                                                                                                                                    				E00007FF77FF72800A574(__ebp, _t75, _t80, _t102, _t105, _t109);
                                                                                                                                                                                                    				_t65 = _t75 - _t80;
                                                                                                                                                                                                    				if (_t65 == 0) goto 0x28013310;
                                                                                                                                                                                                    				 *_t75 = 0;
                                                                                                                                                                                                    				_t58 =  *(_t105 + 0x3e) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0xe;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t109;
                                                                                                                                                                                                    				_t39 = E00007FF77FF72800FB68(0, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				_t14 =  &(_t109[2]); // 0x8
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t14;
                                                                                                                                                                                                    				r9d = 0xf;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				_t40 = E00007FF77FF72800FB68(_t39, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				_t17 =  &(_t109[4]); // 0x10
                                                                                                                                                                                                    				_t130 = _t17;
                                                                                                                                                                                                    				r9d = 0x10;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t130;
                                                                                                                                                                                                    				_t41 = E00007FF77FF72800FB68(_t39 | _t40, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				if (_t65 == 0) goto 0x28013320;
                                                                                                                                                                                                    				E00007FF77FF7280131A0(_t41 | _t39 | _t40, _t109);
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				free(_t118);
                                                                                                                                                                                                    				goto 0x2801327b;
                                                                                                                                                                                                    				_t100 =  *_t130;
                                                                                                                                                                                                    				goto 0x28013338;
                                                                                                                                                                                                    				_t44 =  *_t100;
                                                                                                                                                                                                    				if (_t44 - 0x30 < 0) goto 0x2801333e;
                                                                                                                                                                                                    				if (_t44 - 0x39 > 0) goto 0x2801333e;
                                                                                                                                                                                                    				_t45 = _t44 - 0x30;
                                                                                                                                                                                                    				 *_t100 = _t45;
                                                                                                                                                                                                    				_t101 = _t100 + _t118;
                                                                                                                                                                                                    				if ( *_t101 != 0) goto 0x28013327;
                                                                                                                                                                                                    				goto 0x28013379;
                                                                                                                                                                                                    				if (_t45 != 0x3b) goto 0x28013335;
                                                                                                                                                                                                    				_t115 = _t101;
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(_t115 + 1));
                                                                                                                                                                                                    				 *_t115 = _t46;
                                                                                                                                                                                                    				if (_t46 != 0) goto 0x28013345;
                                                                                                                                                                                                    				goto 0x28013338;
                                                                                                                                                                                                    				_t76 =  *0x280401a0; // 0x7ff728040190
                                                                                                                                                                                                    				_t123 = _t80;
                                                                                                                                                                                                    				 *_t109 = _t76;
                                                                                                                                                                                                    				_t77 =  *0x280401a8; // 0x7ff728043064
                                                                                                                                                                                                    				_t109[2] = _t77;
                                                                                                                                                                                                    				_t78 =  *0x280401b0; // 0x7ff728043064
                                                                                                                                                                                                    				_t109[4] = _t78;
                                                                                                                                                                                                    				 *_t127 = r12d;
                                                                                                                                                                                                    				if (_t123 == _t80) goto 0x28013385;
                                                                                                                                                                                                    				 *_t123 = r12d;
                                                                                                                                                                                                    				if ( *(_t105 + 0x118) == _t80) goto 0x28013395;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				_t73 =  *(_t105 + 0x110) - _t80;
                                                                                                                                                                                                    				if (_t73 == 0) goto 0x280133bf;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t73 != 0) goto 0x280133bf;
                                                                                                                                                                                                    				free(_t102);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t105 + 0x118) = _t123;
                                                                                                                                                                                                    				 *(_t105 + 0x110) = _t127;
                                                                                                                                                                                                    				 *(_t105 + 0x128) = _t109;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}



































                                                                                                                                                                                                    0x7ff72801339c
                                                                                                                                                                                                    0x7ff72801339f
                                                                                                                                                                                                    0x7ff7280133a1
                                                                                                                                                                                                    0x7ff7280133a5
                                                                                                                                                                                                    0x7ff7280133ae
                                                                                                                                                                                                    0x7ff7280133ba
                                                                                                                                                                                                    0x7ff7280133bf
                                                                                                                                                                                                    0x7ff7280133c6
                                                                                                                                                                                                    0x7ff7280133cd
                                                                                                                                                                                                    0x7ff7280133f3

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000010.00000002.702820340.00007FF727FF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF727FF0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000010.00000002.702809977.00007FF727FF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702940883.00007FF728030000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.702975264.00007FF728040000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703007136.00007FF72804A000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    • Associated: 00000010.00000002.703027151.00007FF72804F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ff727ff0000_EsgInstallerDelay__0.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: 8821a1df296688c370d858aa2f429f45ff0a23e2406f815d5f3f7c622645e2ca
                                                                                                                                                                                                    • Instruction ID: a21a57c2de696a411aa2c6e0ee40a8d18a79655dc97187c7dc7c87e552da6171
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8821a1df296688c370d858aa2f429f45ff0a23e2406f815d5f3f7c622645e2ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B151C632A0968185EB70AF12AC411BDF790FB44B90F895536DB9D477C1DE3EE541CB18
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF67FF6B0A910F0(void* __ecx, long long __rbx, void* __rdx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				char _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				long long _v192;
                                                                                                                                                                                                    				long long _v200;
                                                                                                                                                                                                    				long long _v208;
                                                                                                                                                                                                    				char _v232;
                                                                                                                                                                                                    				char _v248;
                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                    				long long _v272;
                                                                                                                                                                                                    				long long _v280;
                                                                                                                                                                                                    				long long _v288;
                                                                                                                                                                                                    				char _v312;
                                                                                                                                                                                                    				char _v328;
                                                                                                                                                                                                    				char _v344;
                                                                                                                                                                                                    				long long _v352;
                                                                                                                                                                                                    				long long _v360;
                                                                                                                                                                                                    				long long _v368;
                                                                                                                                                                                                    				char _v376;
                                                                                                                                                                                                    				long long _v384;
                                                                                                                                                                                                    				long long _v392;
                                                                                                                                                                                                    				long long _v400;
                                                                                                                                                                                                    				char _v408;
                                                                                                                                                                                                    				char _v412;
                                                                                                                                                                                                    				char _v416;
                                                                                                                                                                                                    				char _v420;
                                                                                                                                                                                                    				char _v424;
                                                                                                                                                                                                    				char _v428;
                                                                                                                                                                                                    				char _v432;
                                                                                                                                                                                                    				signed long long _v440;
                                                                                                                                                                                                    				long long _v448;
                                                                                                                                                                                                    				signed long long _v456;
                                                                                                                                                                                                    				long long _v464;
                                                                                                                                                                                                    				long long _v472;
                                                                                                                                                                                                    				long long _v480;
                                                                                                                                                                                                    				void* _v504;
                                                                                                                                                                                                    				long long _v512;
                                                                                                                                                                                                    				signed int _v520;
                                                                                                                                                                                                    				signed int _v528;
                                                                                                                                                                                                    				signed int _v536;
                                                                                                                                                                                                    				long long _v544;
                                                                                                                                                                                                    				signed int _v552;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* __r13;
                                                                                                                                                                                                    				void* __r14;
                                                                                                                                                                                                    				void* __r15;
                                                                                                                                                                                                    				int _t262;
                                                                                                                                                                                                    				void* _t289;
                                                                                                                                                                                                    				signed int _t331;
                                                                                                                                                                                                    				signed long long _t333;
                                                                                                                                                                                                    				signed int _t335;
                                                                                                                                                                                                    				void* _t347;
                                                                                                                                                                                                    				void* _t349;
                                                                                                                                                                                                    				signed long long _t402;
                                                                                                                                                                                                    				signed long long _t405;
                                                                                                                                                                                                    				long long _t420;
                                                                                                                                                                                                    				long long _t435;
                                                                                                                                                                                                    				void* _t471;
                                                                                                                                                                                                    				void* _t487;
                                                                                                                                                                                                    				void* _t495;
                                                                                                                                                                                                    				void* _t502;
                                                                                                                                                                                                    				char* _t521;
                                                                                                                                                                                                    				char* _t527;
                                                                                                                                                                                                    				char* _t528;
                                                                                                                                                                                                    				signed long long _t530;
                                                                                                                                                                                                    				long long _t534;
                                                                                                                                                                                                    				long long _t537;
                                                                                                                                                                                                    				void* _t545;
                                                                                                                                                                                                    				void* _t553;
                                                                                                                                                                                                    				void* _t554;
                                                                                                                                                                                                    				void* _t555;
                                                                                                                                                                                                    				void* _t557;
                                                                                                                                                                                                    				long long _t558;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t542 = __rbp;
                                                                                                                                                                                                    				_t437 = __rbx;
                                                                                                                                                                                                    				_t340 = __ecx;
                                                                                                                                                                                                    				_t555 = _t545;
                                                                                                                                                                                                    				_v184 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t555 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t555 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t555 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t402 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v56 = _t402 ^ _t545 - 0x00000220;
                                                                                                                                                                                                    				_t539 = __rdx;
                                                                                                                                                                                                    				_t350 = __ecx;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				r12d = r13d;
                                                                                                                                                                                                    				 *((long long*)(_t555 - 0x40)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t555 - 0x48)) = _t558;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t555 - 0x58)) = r13w;
                                                                                                                                                                                                    				 *((long long*)(_t555 - 0x90)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t555 - 0x98)) = _t558;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t555 - 0xa8)) = r13w;
                                                                                                                                                                                                    				if (__ecx <= 0) goto 0xb0a9134d;
                                                                                                                                                                                                    				_t262 = lstrcmpiW(??, ??); // executed
                                                                                                                                                                                                    				if (_t262 != 0) goto 0xb0a911bd;
                                                                                                                                                                                                    				_t331 = r13d + 1;
                                                                                                                                                                                                    				if (_t331 - __ecx >= 0) goto 0xb0a91248;
                                                                                                                                                                                                    				_t530 =  *((intOrPtr*)(__rdx + _t331 * 8));
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF67FF6B0A92070(__rbx,  &_v96,  *((intOrPtr*)(__rdx + _t331 * 8)), _t530, __rbp,  !( *(__rdx + r13d * 8) | 0xffffffff) - 1, _t557);
                                                                                                                                                                                                    				goto 0xb0a9123b;
                                                                                                                                                                                                    				if (lstrcmpiW(??, ??) != 0) goto 0xb0a91207;
                                                                                                                                                                                                    				_t333 = _t331 + 2;
                                                                                                                                                                                                    				if (_t333 - __ecx >= 0) goto 0xb0a9129f;
                                                                                                                                                                                                    				_t405 = _t333;
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				_t549 =  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A92070(_t437,  &_v176,  *((intOrPtr*)(__rdx + _t405 * 8)),  *((intOrPtr*)(__rdx + _t405 * 8)), _t542,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t557);
                                                                                                                                                                                                    				goto 0xb0a9123b;
                                                                                                                                                                                                    				if (lstrcmpiW(??, ??) != 0) goto 0xb0a91239;
                                                                                                                                                                                                    				_t335 = _t333 + 2;
                                                                                                                                                                                                    				if (_t335 - __ecx >= 0) goto 0xb0a912f6;
                                                                                                                                                                                                    				r12d = E00007FF67FF6B0AA4578(_t437,  *((intOrPtr*)(__rdx + _t335 * 8)), L"-wait");
                                                                                                                                                                                                    				goto 0xb0a9123b;
                                                                                                                                                                                                    				if (_t335 + 2 - __ecx >= 0) goto 0xb0a9134d;
                                                                                                                                                                                                    				goto 0xb0a91170;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a91260;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a91295;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a912b7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a912ec;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a9130e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v168, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a91343;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t405, _t437, _v88, L"-wait", __rdx,  !( *(__rdx + _t530 * 8) | 0xffffffff) - 1, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				E00007FF67FF6B0ACAF90(_t340, _v64 - 8, _t405, _t437,  &_v136, _t542, _t553, _t557);
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t405,  &_v136);
                                                                                                                                                                                                    				if (_t405 == 0) goto 0xb0a91374;
                                                                                                                                                                                                    				 *_t405 =  &_v504;
                                                                                                                                                                                                    				goto 0xb0a91377;
                                                                                                                                                                                                    				_t406 = _t558;
                                                                                                                                                                                                    				_v504 = _t558;
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				if (_v72 == 0) goto 0xb0a91a7c;
                                                                                                                                                                                                    				_t517 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				r8d = _v72;
                                                                                                                                                                                                    				E00007FF67FF6B0A99DE0(_t558,  &_v232,  >=  ? _v88 :  &_v88, _t549, _t553);
                                                                                                                                                                                                    				E00007FF67FF6B0A99BD0(_t437,  &_v504, _t558);
                                                                                                                                                                                                    				if (_v208 == 0) goto 0xb0a913ea;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t558, _t437, _v208, _t558, _t539, _t549, _t553);
                                                                                                                                                                                                    				_v208 = _t558;
                                                                                                                                                                                                    				_v200 = _t558;
                                                                                                                                                                                                    				_v192 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t558, _t437, _v232, _t406, _t539, _t549, _t553);
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v528 = _v528 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v528 = _v528 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v440 = _v528 ^ 0x852c1a21;
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v528 = _v528 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v456 = _v528 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v528 = _v528 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v408 = _v520;
                                                                                                                                                                                                    				_v400 = _v528;
                                                                                                                                                                                                    				_v392 = _v456;
                                                                                                                                                                                                    				_v384 = _v440;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				if (E00007FF67FF6B0ACBF20(_t335 + 2, 8, _t347, _t349, _t350, _v208, _t437,  &_v504,  &_v408, 0xf4e105e2, 0x238cb6e1, _t549, _t553, _t554, _t557, _t558, 0x82cdfde3, 0x852c1a21) == 0) goto 0xb0a91a7c;
                                                                                                                                                                                                    				_t420 = _v472;
                                                                                                                                                                                                    				_t438 = _t420;
                                                                                                                                                                                                    				if (_v480 - _t420 <= 0) goto 0xb0a91517;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t421 = _v472;
                                                                                                                                                                                                    				_t534 = _v480;
                                                                                                                                                                                                    				_v520 = _v504;
                                                                                                                                                                                                    				_v512 = _t420;
                                                                                                                                                                                                    				if (_t534 - _v472 <= 0) goto 0xb0a91535;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v456 = _v504;
                                                                                                                                                                                                    				_v448 = _t534;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x150], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x140], xmm1");
                                                                                                                                                                                                    				r9d = _v536 & 0x000000ff;
                                                                                                                                                                                                    				_t550 =  &_v248;
                                                                                                                                                                                                    				_t521 =  &_v264;
                                                                                                                                                                                                    				E00007FF67FF6B0A928C0( &_v96, _t521,  &_v248);
                                                                                                                                                                                                    				_t289 = E00007FF67FF6B0ACB620(_t335 + 2, _v472,  &_v96, 0xf4e105e2, 0x238cb6e1, _t554); // executed
                                                                                                                                                                                                    				if (_t289 != 0) goto 0xb0a91678;
                                                                                                                                                                                                    				_t471 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t111 = _t521 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t111;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0xb0a915d2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t420, _v480, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t420, _v504, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0a91604;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t420, _v128, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a91639;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t420, _v168, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a9166e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t421, _t420, _v88, _t521, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				if (_v152 == 0) goto 0xb0a9192d;
                                                                                                                                                                                                    				_t523 =  >=  ? _v168 :  &_v168;
                                                                                                                                                                                                    				r8d = _v152;
                                                                                                                                                                                                    				E00007FF67FF6B0A99DE0(_t421,  &_v312,  >=  ? _v168 :  &_v168,  &_v248, _t553);
                                                                                                                                                                                                    				E00007FF67FF6B0A99BD0(_t420,  &_v504, _t421);
                                                                                                                                                                                                    				if (_v288 == 0) goto 0xb0a916d7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t421, _t420, _v288, _t421, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v288 = _t558;
                                                                                                                                                                                                    				_v280 = _t558;
                                                                                                                                                                                                    				_v272 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t421, _t420, _v312, _t421, 0xf4e105e2,  &_v248, _t553);
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v456 = _v520 ^ 0x852c1a21;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v440 = _v520 ^ 0x82cdfde3;
                                                                                                                                                                                                    				_v520 = 0xf4e105e2;
                                                                                                                                                                                                    				_v520 = _v520 ^ 0x238cb6e1;
                                                                                                                                                                                                    				_v528 = 0xf4e105e2;
                                                                                                                                                                                                    				_v376 = _v528;
                                                                                                                                                                                                    				_v368 = _v520;
                                                                                                                                                                                                    				_v360 = _v440;
                                                                                                                                                                                                    				_v352 = _v456;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				if (E00007FF67FF6B0ACBF20(_t335 + 2, 8, _t347, _t349, _t350, _v288, _t438,  &_v504,  &_v376, 0xf4e105e2, 0x238cb6e1, _t550, _t553, _t554, _t557, _t558, 0x82cdfde3, 0x852c1a21) == 0) goto 0xb0a91851;
                                                                                                                                                                                                    				_t435 = _v472;
                                                                                                                                                                                                    				_t439 = _t435;
                                                                                                                                                                                                    				if (_v480 - _t435 <= 0) goto 0xb0a917dc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t436 = _v472;
                                                                                                                                                                                                    				_t537 = _v480;
                                                                                                                                                                                                    				_v520 = _v504;
                                                                                                                                                                                                    				_v512 = _t435;
                                                                                                                                                                                                    				if (_t537 - _v472 <= 0) goto 0xb0a917fa;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v456 = _v504;
                                                                                                                                                                                                    				_v448 = _t537;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x100], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xf0], xmm1");
                                                                                                                                                                                                    				r9d = _v536 & 0x000000ff;
                                                                                                                                                                                                    				_t527 =  &_v344;
                                                                                                                                                                                                    				E00007FF67FF6B0A928C0( &_v176, _t527,  &_v328);
                                                                                                                                                                                                    				goto 0xb0a9192d;
                                                                                                                                                                                                    				_t487 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t184 = _t527 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t184;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0xb0a91887;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v480, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v504, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0a918b9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v128, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a918ee;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v168, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a91923;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v88, _t527, 0xf4e105e2,  &_v328, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				if (r12d == 0) goto 0xb0a91942;
                                                                                                                                                                                                    				r12d = r12d * 0x3e8;
                                                                                                                                                                                                    				SleepEx(??, ??); // executed
                                                                                                                                                                                                    				_v432 = 0;
                                                                                                                                                                                                    				_v428 = 0;
                                                                                                                                                                                                    				_v424 = 0;
                                                                                                                                                                                                    				_v420 = 0;
                                                                                                                                                                                                    				_v416 = 0;
                                                                                                                                                                                                    				_v412 = 0;
                                                                                                                                                                                                    				_v544 = _t558;
                                                                                                                                                                                                    				_v552 = r13d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				_t552 =  &_v176;
                                                                                                                                                                                                    				_t528 =  &_v96;
                                                                                                                                                                                                    				E00007FF67FF6B0ACB6B0(_t335 + 2, r12d, _v472,  &_v432, _t528,  &_v176, _t553, _t555);
                                                                                                                                                                                                    				_t495 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t216 = _t528 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t216;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0xb0a919d9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v480, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v472, _t435, _v504, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0a91a0b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t435, _v128, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a91a40;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v168, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a91a75;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v88, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				goto 0xb0a91b53;
                                                                                                                                                                                                    				_t502 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_t239 = _t528 + 4; // 0x4
                                                                                                                                                                                                    				r8d = _t239;
                                                                                                                                                                                                    				MoveFileExW(??, ??, ??);
                                                                                                                                                                                                    				if (_v480 == 0) goto 0xb0a91ab2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v480, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v480 = _t558;
                                                                                                                                                                                                    				_v472 = _t558;
                                                                                                                                                                                                    				_v464 = _t558;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v504, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0a91ae4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v128, _t528, 0xf4e105e2,  &_v176, _t553);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t558;
                                                                                                                                                                                                    				_v128 = r13w;
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0a91b19;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v168, _t528, 0xf4e105e2, _t552, _t553);
                                                                                                                                                                                                    				_v144 = 7;
                                                                                                                                                                                                    				_v152 = _t558;
                                                                                                                                                                                                    				_v168 = r13w;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0a91b4e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t436, _t439, _v88, _t528, 0xf4e105e2, _t552, _t553);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(r12d, _v56 ^ _t545 - 0x00000220, _t528, _t552, _t553);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff6b0a91154
                                                                                                                                                                                                    0x7ff6b0a9115b
                                                                                                                                                                                                    0x7ff6b0a91168
                                                                                                                                                                                                    0x7ff6b0a9117e
                                                                                                                                                                                                    0x7ff6b0a91186
                                                                                                                                                                                                    0x7ff6b0a91188
                                                                                                                                                                                                    0x7ff6b0a9118c
                                                                                                                                                                                                    0x7ff6b0a9119f
                                                                                                                                                                                                    0x7ff6b0a911a2
                                                                                                                                                                                                    0x7ff6b0a911b4
                                                                                                                                                                                                    0x7ff6b0a911bb
                                                                                                                                                                                                    0x7ff6b0a911d0
                                                                                                                                                                                                    0x7ff6b0a911d2
                                                                                                                                                                                                    0x7ff6b0a911d6
                                                                                                                                                                                                    0x7ff6b0a911dc
                                                                                                                                                                                                    0x7ff6b0a911ec
                                                                                                                                                                                                    0x7ff6b0a911f2
                                                                                                                                                                                                    0x7ff6b0a911fe
                                                                                                                                                                                                    0x7ff6b0a91205
                                                                                                                                                                                                    0x7ff6b0a9121a
                                                                                                                                                                                                    0x7ff6b0a9121c
                                                                                                                                                                                                    0x7ff6b0a91220
                                                                                                                                                                                                    0x7ff6b0a91232
                                                                                                                                                                                                    0x7ff6b0a91237
                                                                                                                                                                                                    0x7ff6b0a9123d
                                                                                                                                                                                                    0x7ff6b0a91243
                                                                                                                                                                                                    0x7ff6b0a91251
                                                                                                                                                                                                    0x7ff6b0a9125b
                                                                                                                                                                                                    0x7ff6b0a91260
                                                                                                                                                                                                    0x7ff6b0a9126c
                                                                                                                                                                                                    0x7ff6b0a91274
                                                                                                                                                                                                    0x7ff6b0a91286
                                                                                                                                                                                                    0x7ff6b0a91290
                                                                                                                                                                                                    0x7ff6b0a9129a
                                                                                                                                                                                                    0x7ff6b0a912a8
                                                                                                                                                                                                    0x7ff6b0a912b2
                                                                                                                                                                                                    0x7ff6b0a912b7
                                                                                                                                                                                                    0x7ff6b0a912c3
                                                                                                                                                                                                    0x7ff6b0a912cb
                                                                                                                                                                                                    0x7ff6b0a912dd
                                                                                                                                                                                                    0x7ff6b0a912e7
                                                                                                                                                                                                    0x7ff6b0a912f1
                                                                                                                                                                                                    0x7ff6b0a912ff
                                                                                                                                                                                                    0x7ff6b0a91309
                                                                                                                                                                                                    0x7ff6b0a9130e
                                                                                                                                                                                                    0x7ff6b0a9131a
                                                                                                                                                                                                    0x7ff6b0a91322
                                                                                                                                                                                                    0x7ff6b0a91334
                                                                                                                                                                                                    0x7ff6b0a9133e
                                                                                                                                                                                                    0x7ff6b0a91348
                                                                                                                                                                                                    0x7ff6b0a91355
                                                                                                                                                                                                    0x7ff6b0a91360
                                                                                                                                                                                                    0x7ff6b0a91368
                                                                                                                                                                                                    0x7ff6b0a9136f
                                                                                                                                                                                                    0x7ff6b0a91372
                                                                                                                                                                                                    0x7ff6b0a91374
                                                                                                                                                                                                    0x7ff6b0a91377
                                                                                                                                                                                                    0x7ff6b0a9137c
                                                                                                                                                                                                    0x7ff6b0a91381
                                                                                                                                                                                                    0x7ff6b0a91386
                                                                                                                                                                                                    0x7ff6b0a91394
                                                                                                                                                                                                    0x7ff6b0a913ab
                                                                                                                                                                                                    0x7ff6b0a913b4
                                                                                                                                                                                                    0x7ff6b0a913c4
                                                                                                                                                                                                    0x7ff6b0a913d2
                                                                                                                                                                                                    0x7ff6b0a913e3
                                                                                                                                                                                                    0x7ff6b0a913e5
                                                                                                                                                                                                    0x7ff6b0a913ea
                                                                                                                                                                                                    0x7ff6b0a913f2
                                                                                                                                                                                                    0x7ff6b0a913fa
                                                                                                                                                                                                    0x7ff6b0a9140a
                                                                                                                                                                                                    0x7ff6b0a91419
                                                                                                                                                                                                    0x7ff6b0a91430
                                                                                                                                                                                                    0x7ff6b0a91447
                                                                                                                                                                                                    0x7ff6b0a9145e
                                                                                                                                                                                                    0x7ff6b0a91466
                                                                                                                                                                                                    0x7ff6b0a91473
                                                                                                                                                                                                    0x7ff6b0a91480
                                                                                                                                                                                                    0x7ff6b0a91488
                                                                                                                                                                                                    0x7ff6b0a91495
                                                                                                                                                                                                    0x7ff6b0a9149a
                                                                                                                                                                                                    0x7ff6b0a914b9
                                                                                                                                                                                                    0x7ff6b0a914c1
                                                                                                                                                                                                    0x7ff6b0a914c9
                                                                                                                                                                                                    0x7ff6b0a914d1
                                                                                                                                                                                                    0x7ff6b0a914d9
                                                                                                                                                                                                    0x7ff6b0a914f0
                                                                                                                                                                                                    0x7ff6b0a914f6
                                                                                                                                                                                                    0x7ff6b0a914fb
                                                                                                                                                                                                    0x7ff6b0a91506
                                                                                                                                                                                                    0x7ff6b0a91508
                                                                                                                                                                                                    0x7ff6b0a9150d
                                                                                                                                                                                                    0x7ff6b0a91512
                                                                                                                                                                                                    0x7ff6b0a9151c
                                                                                                                                                                                                    0x7ff6b0a91521
                                                                                                                                                                                                    0x7ff6b0a91529
                                                                                                                                                                                                    0x7ff6b0a9152b
                                                                                                                                                                                                    0x7ff6b0a91535
                                                                                                                                                                                                    0x7ff6b0a9153d
                                                                                                                                                                                                    0x7ff6b0a91545
                                                                                                                                                                                                    0x7ff6b0a9154a
                                                                                                                                                                                                    0x7ff6b0a91553
                                                                                                                                                                                                    0x7ff6b0a9155b
                                                                                                                                                                                                    0x7ff6b0a91564
                                                                                                                                                                                                    0x7ff6b0a9156a
                                                                                                                                                                                                    0x7ff6b0a91572
                                                                                                                                                                                                    0x7ff6b0a91582
                                                                                                                                                                                                    0x7ff6b0a9158f
                                                                                                                                                                                                    0x7ff6b0a91596
                                                                                                                                                                                                    0x7ff6b0a915ad
                                                                                                                                                                                                    0x7ff6b0a915b8
                                                                                                                                                                                                    0x7ff6b0a915b8
                                                                                                                                                                                                    0x7ff6b0a915bc
                                                                                                                                                                                                    0x7ff6b0a915cb
                                                                                                                                                                                                    0x7ff6b0a915cd
                                                                                                                                                                                                    0x7ff6b0a915d2
                                                                                                                                                                                                    0x7ff6b0a915d7
                                                                                                                                                                                                    0x7ff6b0a915dc
                                                                                                                                                                                                    0x7ff6b0a915e6
                                                                                                                                                                                                    0x7ff6b0a915f5
                                                                                                                                                                                                    0x7ff6b0a915ff
                                                                                                                                                                                                    0x7ff6b0a91604
                                                                                                                                                                                                    0x7ff6b0a91610
                                                                                                                                                                                                    0x7ff6b0a91618
                                                                                                                                                                                                    0x7ff6b0a9162a
                                                                                                                                                                                                    0x7ff6b0a91634
                                                                                                                                                                                                    0x7ff6b0a91639
                                                                                                                                                                                                    0x7ff6b0a91645
                                                                                                                                                                                                    0x7ff6b0a9164d
                                                                                                                                                                                                    0x7ff6b0a9165f
                                                                                                                                                                                                    0x7ff6b0a91669
                                                                                                                                                                                                    0x7ff6b0a91673

APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$File$Move$lstrcmpi$lstrcat$AttributesErrorLastSleeplstrcpy
• String ID: -args$-exec$-wait
• API String ID: 3695391189-3543574200
• Opcode ID: b47439b2d598f34099cd404de5d1fba8806b7a4de36602e438ec1d6f7ee21c83
• Instruction ID: 85f6ddc5a29c5ca184e54b157c0bf0f352121fa50aa0f107171b55d138469d91
• Opcode Fuzzy Hash: b47439b2d598f34099cd404de5d1fba8806b7a4de36602e438ec1d6f7ee21c83
• Instruction Fuzzy Hash: F442F43661CBC191E6609B18F4943AEBBA4FBC9784F500535EB8D86BAADF3DD454CB00
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 58%
E00007FF67FF6B0AA45E0(void* __rax, void* __rcx) {
	void* _t2;

	goto 0xb0aa45fa;
	if (E00007FF67FF6B0AABC98(__rax, __rcx) == 0) goto 0xb0aa460a;
	_t2 = malloc(??);
	if (__rax == 0) goto 0xb0aa45eb;
	return _t2;
}





                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$AllocateCommandHeapInitializeLine_cinitmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2456440378-0
                                                                                                                                                                                                    • Opcode ID: d9342fbc873394faf5c233f4d5feb5bd075710e0ef0b8a8265e5b7922b41a891
                                                                                                                                                                                                    • Instruction ID: 6a2e739cbe45ed1b47fac1fa4cb62b0f963c5baacc096e1760b6c5c7d84cc9a6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9342fbc873394faf5c233f4d5feb5bd075710e0ef0b8a8265e5b7922b41a891
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35510523E18247B6FA60AB6CA4552B96EA5EF81344F640C39E74DC67D3DF6CE9408B01
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF67FF6B0AAC75C(void* __ecx, signed long long __rbx, void* __rdx, signed long long __rdi, signed long long __rsi, signed long long __r12) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				signed long long* _v64;
                                                                                                                                                                                                    				intOrPtr _v70;
                                                                                                                                                                                                    				void* _v136;
                                                                                                                                                                                                    				signed int _t63;
                                                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                                                    				signed char _t74;
                                                                                                                                                                                                    				signed int _t75;
                                                                                                                                                                                                    				signed int _t83;
                                                                                                                                                                                                    				signed int _t86;
                                                                                                                                                                                                    				void* _t88;
                                                                                                                                                                                                    				signed int _t95;
                                                                                                                                                                                                    				signed long long* _t127;
                                                                                                                                                                                                    				signed long long* _t129;
                                                                                                                                                                                                    				signed long long* _t131;
                                                                                                                                                                                                    				long long _t136;
                                                                                                                                                                                                    				long long* _t140;
                                                                                                                                                                                                    				signed long long _t151;
                                                                                                                                                                                                    				signed long long _t153;
                                                                                                                                                                                                    				signed char* _t158;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				signed long long* _t163;
                                                                                                                                                                                                    				signed long long* _t166;
                                                                                                                                                                                                    				signed long long* _t168;
                                                                                                                                                                                                    				long long* _t174;
                                                                                                                                                                                                    				void* _t176;
                                                                                                                                                                                                    				signed char* _t177;
                                                                                                                                                                                                    				void* _t180;
                                                                                                                                                                                                    				struct _STARTUPINFOA* _t184;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t151 = __rdi;
                                                                                                                                                                                                    				_t150 = __rdx;
                                                                                                                                                                                                    				_t137 = __rbx;
                                                                                                                                                                                                    				_t127 = _t163;
                                                                                                                                                                                                    				_t127[1] = __rbx;
                                                                                                                                                                                                    				_t127[2] = __rsi;
                                                                                                                                                                                                    				_t127[3] = __rdi;
                                                                                                                                                                                                    				_t127[4] = __r12;
                                                                                                                                                                                                    				GetStartupInfoA(_t184);
                                                                                                                                                                                                    				_t6 = _t150 - 0x38; // 0x20
                                                                                                                                                                                                    				r12d = _t6;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(__rbx, __r12, __rdx, __rdi, __rsi, _t162, _t180, _t176);
                                                                                                                                                                                                    				_t166 = _t127;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				if (_t127 != _t184) goto 0xb0aac7ac;
                                                                                                                                                                                                    				goto 0xb0aaca27;
                                                                                                                                                                                                    				 *0xb0ae89e0 = _t127;
                                                                                                                                                                                                    				 *0xb0ae89c0 = r12d;
                                                                                                                                                                                                    				if (_t166 -  &(_t127[0x160]) >= 0) goto 0xb0aac80a;
                                                                                                                                                                                                    				_t166[1] = r15b;
                                                                                                                                                                                                    				 *_t166 =  *_t166 | 0xffffffff;
                                                                                                                                                                                                    				_t166[1] = 0xa;
                                                                                                                                                                                                    				_t166[1] = r15d;
                                                                                                                                                                                                    				_t166[7] = r15b;
                                                                                                                                                                                                    				_t166[7] = 0xa;
                                                                                                                                                                                                    				_t166[7] = 0xa;
                                                                                                                                                                                                    				_t166[0xa] = r15d;
                                                                                                                                                                                                    				_t166[9] = r15b;
                                                                                                                                                                                                    				_t129 =  *0xb0ae89e0; // 0x24b0b10
                                                                                                                                                                                                    				if ( &(_t166[0xb]) - _t129 + 0xb00 < 0) goto 0xb0aac7c7;
                                                                                                                                                                                                    				_t86 =  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_v70 == r15w) goto 0xb0aac95f;
                                                                                                                                                                                                    				_t131 = _v64;
                                                                                                                                                                                                    				if (_t131 == _t184) goto 0xb0aac95f;
                                                                                                                                                                                                    				_t177 =  &(_t131[0]);
                                                                                                                                                                                                    				_t158 =  &(_t177[ *_t131]);
                                                                                                                                                                                                    				_t82 =  <  ?  *_t131 : 0x800;
                                                                                                                                                                                                    				if (_t86 - 0x800 >= 0) goto 0xb0aac8d2;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t137, __r12, _t150, _t151, _t158, _t162);
                                                                                                                                                                                                    				_t168 = _t131;
                                                                                                                                                                                                    				if (_t131 == _t184) goto 0xb0aac8ca;
                                                                                                                                                                                                    				0xb0ae89e0[_t151] = _t131;
                                                                                                                                                                                                    				_t63 =  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				 *0xb0ae89c0 = _t63 + r12d;
                                                                                                                                                                                                    				_t20 =  &(_t168[0x160]); // 0xb00
                                                                                                                                                                                                    				if (_t168 - _t20 >= 0) goto 0xb0aac8c1;
                                                                                                                                                                                                    				_t168[1] = r15b;
                                                                                                                                                                                                    				 *_t168 =  *_t168 | 0xffffffff;
                                                                                                                                                                                                    				_t168[1] = 0xa;
                                                                                                                                                                                                    				_t168[1] = r15d;
                                                                                                                                                                                                    				_t168[7] = _t168[7] & 0x00000080;
                                                                                                                                                                                                    				_t168[7] = 0xa;
                                                                                                                                                                                                    				_t168[7] = 0xa;
                                                                                                                                                                                                    				_t168[0xa] = r15d;
                                                                                                                                                                                                    				_t168[9] = r15b;
                                                                                                                                                                                                    				if ( &(_t168[0xb]) -  &(0xb0ae89e0[_t151][0x160]) < 0) goto 0xb0aac880;
                                                                                                                                                                                                    				_t65 =  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				_t107 = _t65 - ( <  ?  *_t131 : 0x800);
                                                                                                                                                                                                    				if (_t65 - ( <  ?  *_t131 : 0x800) < 0) goto 0xb0aac84c;
                                                                                                                                                                                                    				goto 0xb0aac8d9;
                                                                                                                                                                                                    				_t83 =  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				goto 0xb0aac8d9;
                                                                                                                                                                                                    				_t95 = r15d;
                                                                                                                                                                                                    				if (_t83 - r15d <= 0) goto 0xb0aac95f;
                                                                                                                                                                                                    				if ( *_t158 == 0xffffffff) goto 0xb0aac952;
                                                                                                                                                                                                    				if ( *_t158 == 0xfffffffe) goto 0xb0aac952;
                                                                                                                                                                                                    				if (( *_t177 & 0x00000001) == 0) goto 0xb0aac952;
                                                                                                                                                                                                    				if (( *_t177 & 0x00000008) != 0) goto 0xb0aac909;
                                                                                                                                                                                                    				if (GetFileType(??) == r15d) goto 0xb0aac952;
                                                                                                                                                                                                    				r12d = r12d & 0x0000001f;
                                                                                                                                                                                                    				_t174 = 0xb0ae89e0[_t95 >> 5] + _t95 * 0x58;
                                                                                                                                                                                                    				_t136 =  *_t158;
                                                                                                                                                                                                    				 *_t174 = _t136;
                                                                                                                                                                                                    				 *((char*)(_t174 + 8)) =  *_t177;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB0438() == r15d) goto 0xb0aac94a;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t174 + 0xc)) =  *((intOrPtr*)(_t174 + 0xc)) + 1;
                                                                                                                                                                                                    				goto 0xb0aac952;
                                                                                                                                                                                                    				goto 0xb0aaca27;
                                                                                                                                                                                                    				if (_t95 + 1 - _t83 < 0) goto 0xb0aac8e1;
                                                                                                                                                                                                    				r12d = r15d;
                                                                                                                                                                                                    				_t153 = _t184;
                                                                                                                                                                                                    				_t140 =  *0xb0ae89e0 + _t153 * 0x58;
                                                                                                                                                                                                    				if ( *_t140 == 0xffffffff) goto 0xb0aac985;
                                                                                                                                                                                                    				if ( *_t140 == 0xfffffffe) goto 0xb0aac985;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000080;
                                                                                                                                                                                                    				goto 0xb0aaca04;
                                                                                                                                                                                                    				 *(_t140 + 8) = 0x81;
                                                                                                                                                                                                    				asm("sbb ecx, ecx");
                                                                                                                                                                                                    				_t88 =  ==  ? 0xfffffff6 : _t86 + 0xfffffff5;
                                                                                                                                                                                                    				GetStdHandle(??);
                                                                                                                                                                                                    				if (_t136 == 0xffffffff) goto 0xb0aac9f9;
                                                                                                                                                                                                    				if (_t136 == _t184) goto 0xb0aac9f9;
                                                                                                                                                                                                    				_t74 = GetFileType(??); // executed
                                                                                                                                                                                                    				if (_t74 == r15d) goto 0xb0aac9f9;
                                                                                                                                                                                                    				 *_t140 = _t136;
                                                                                                                                                                                                    				_t75 = _t74 & 0x000000ff;
                                                                                                                                                                                                    				if (_t75 != 2) goto 0xb0aac9d3;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000040;
                                                                                                                                                                                                    				goto 0xb0aac9dc;
                                                                                                                                                                                                    				if (_t75 != 3) goto 0xb0aac9dc;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000008;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB0438() == r15d) goto 0xb0aac9f4;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t140 + 0xc)) =  *((intOrPtr*)(_t140 + 0xc)) + 1;
                                                                                                                                                                                                    				goto 0xb0aaca04;
                                                                                                                                                                                                    				goto 0xb0aaca27;
                                                                                                                                                                                                    				 *(_t140 + 8) =  *(_t140 + 8) | 0x00000040;
                                                                                                                                                                                                    				 *_t140 = 0xfffffffe;
                                                                                                                                                                                                    				r12d = r12d + 1;
                                                                                                                                                                                                    				if (_t153 + 1 - 3 < 0) goto 0xb0aac965;
                                                                                                                                                                                                    				SetHandleCount(??);
                                                                                                                                                                                                    				return 0xffffffff;
                                                                                                                                                                                                    			}

































                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStartupInfoA.KERNEL32 ref: 00007FF6B0AAC781
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AAA5E0: Sleep.KERNEL32(?,?,?,00007FF6B0AAB8EB,?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871), ref: 00007FF6B0AAA625
                                                                                                                                                                                                    • GetFileType.KERNEL32 ref: 00007FF6B0AAC8FE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileInfoSleepStartupType
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1527402494-0
                                                                                                                                                                                                    • Opcode ID: 8533c35c8a20efeb12ed51f4efd1269282dbaf34b7f114ec22bf48b726a2f410
                                                                                                                                                                                                    • Instruction ID: ea65b54fc9f60837fefe50a4f58642b8a9a3a9b494a28581b915c1980f52dd9f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8533c35c8a20efeb12ed51f4efd1269282dbaf34b7f114ec22bf48b726a2f410
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E915A23A18686A1E7518B28D4486792FA5FB057B4F258B35C77E873E2DF3DE846C301
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                    			E00007FF67FF6B0AA8520(long long __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, long long _a8, long long _a24) {
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				signed int _t53;
                                                                                                                                                                                                    				signed int _t55;
                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				long long _t68;
                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                    				void* _t96;
                                                                                                                                                                                                    				long long _t97;
                                                                                                                                                                                                    				void* _t99;
                                                                                                                                                                                                    				long long _t100;
                                                                                                                                                                                                    				intOrPtr _t106;
                                                                                                                                                                                                    				void* _t109;
                                                                                                                                                                                                    				long long _t113;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t92 = __rdx;
                                                                                                                                                                                                    				_t68 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t78 = __rcx;
                                                                                                                                                                                                    				r12d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(_t57, __rax, __rcx, __rcx, _t96, _t99); // executed
                                                                                                                                                                                                    				_t97 = _t68;
                                                                                                                                                                                                    				_a24 = _t68;
                                                                                                                                                                                                    				if (_t97 == _t68) goto 0xb0aa86f1;
                                                                                                                                                                                                    				_t3 = _t97 + 4; // 0x4
                                                                                                                                                                                                    				_t100 = _t3;
                                                                                                                                                                                                    				_t4 = _t78 + 0x68; // 0x68
                                                                                                                                                                                                    				_t5 = _t109 + 2; // 0x3
                                                                                                                                                                                                    				r8d = _t5;
                                                                                                                                                                                                    				 *_t100 = 0;
                                                                                                                                                                                                    				 *_t97 = r12d;
                                                                                                                                                                                                    				_t106 =  *0xb0ad0c88; // 0x7ff6b0ad0c50
                                                                                                                                                                                                    				_v64 =  *_t4;
                                                                                                                                                                                                    				_v72 = 0xb0ad0d90;
                                                                                                                                                                                                    				E00007FF67FF6B0AA82BC(_t100, __rdx, _t106);
                                                                                                                                                                                                    				_t8 = _t78 + 0x88; // 0x88
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB3850(0xb0ad0d90, _t100, _t92, _t97, _t100, 0xb0ad0d8c) == 0) goto 0xb0aa85db;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v72 = _t97;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				E00007FF67FF6B0AABBE0(0,  *_t4,  *_t8);
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				_t53 =  !=  ? 0 : r12d;
                                                                                                                                                                                                    				_t11 = _t78 + 0x48; // 0x4a
                                                                                                                                                                                                    				_t113 = (_t109 + 1 << 5) + _t11;
                                                                                                                                                                                                    				_v64 =  *_t113;
                                                                                                                                                                                                    				_v72 = 0xb0ad0d90;
                                                                                                                                                                                                    				E00007FF67FF6B0AA82BC(_t100,  *_t8,  *0xb0ad0c88);
                                                                                                                                                                                                    				if (0x7ff6b0ad0ca0 - 0xb0ad0ce8 < 0) goto 0xb0aa85af;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (_t53 != r13d) goto 0xb0aa8697;
                                                                                                                                                                                                    				_t63 =  *((intOrPtr*)(_t78 + 0x58)) - _t113;
                                                                                                                                                                                                    				if (_t63 == 0) goto 0xb0aa866e;
                                                                                                                                                                                                    				asm("lock xadd [ecx], eax");
                                                                                                                                                                                                    				if (_t63 != 0) goto 0xb0aa866e;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t64 =  *((intOrPtr*)(_t78 + 0x60)) - _t113;
                                                                                                                                                                                                    				if (_t64 == 0) goto 0xb0aa868a;
                                                                                                                                                                                                    				asm("lock xadd [edx], ecx");
                                                                                                                                                                                                    				if (_t64 != 0) goto 0xb0aa868a;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x58)) = _a24;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x48)) = _t100;
                                                                                                                                                                                                    				goto 0xb0aa86e9;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t55 = _t53 | 0xffffffff;
                                                                                                                                                                                                    				_t65 =  *((intOrPtr*)(_t78 + 0x58)) - _t113;
                                                                                                                                                                                                    				if (_t65 == 0) goto 0xb0aa86be;
                                                                                                                                                                                                    				asm("lock xadd [ecx], eax");
                                                                                                                                                                                                    				if (_t65 != 0) goto 0xb0aa86be;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t78 + 0x60)) == _t113) goto 0xb0aa86da;
                                                                                                                                                                                                    				asm("lock xadd [edx], ecx");
                                                                                                                                                                                                    				if (_t55 + _t55 != 0) goto 0xb0aa86da;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x58)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x48)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x50)) = _t113;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 0x60)) = _t113;
                                                                                                                                                                                                    				return _t55 + _t55;
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    0x7ff6b0aa8672
                                                                                                                                                                                                    0x7ff6b0aa8675
                                                                                                                                                                                                    0x7ff6b0aa8679
                                                                                                                                                                                                    0x7ff6b0aa867f
                                                                                                                                                                                                    0x7ff6b0aa8685
                                                                                                                                                                                                    0x7ff6b0aa868a
                                                                                                                                                                                                    0x7ff6b0aa868e
                                                                                                                                                                                                    0x7ff6b0aa8695
                                                                                                                                                                                                    0x7ff6b0aa869a
                                                                                                                                                                                                    0x7ff6b0aa86a3
                                                                                                                                                                                                    0x7ff6b0aa86a6
                                                                                                                                                                                                    0x7ff6b0aa86a9
                                                                                                                                                                                                    0x7ff6b0aa86ad
                                                                                                                                                                                                    0x7ff6b0aa86b3
                                                                                                                                                                                                    0x7ff6b0aa86b9
                                                                                                                                                                                                    0x7ff6b0aa86c5
                                                                                                                                                                                                    0x7ff6b0aa86c9
                                                                                                                                                                                                    0x7ff6b0aa86cf
                                                                                                                                                                                                    0x7ff6b0aa86d5
                                                                                                                                                                                                    0x7ff6b0aa86e1
                                                                                                                                                                                                    0x7ff6b0aa86e5
                                                                                                                                                                                                    0x7ff6b0aa86e9
                                                                                                                                                                                                    0x7ff6b0aa86ed
                                                                                                                                                                                                    0x7ff6b0aa8705

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ExceptionFilterProcessUnhandled_errno$CaptureContextCurrentDebuggerErrorFreeHeapLastPresentSleepTerminatemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2327265721-0
                                                                                                                                                                                                    • Opcode ID: def5f98aa189ed1fb9de0a002abd7351bc365c7a9b586d71034df92824fd45d2
                                                                                                                                                                                                    • Instruction ID: 3fd6a4c576e4e7c815785eedc21db16643e94a4eed62edb1526a9e1be4fa6655
                                                                                                                                                                                                    • Opcode Fuzzy Hash: def5f98aa189ed1fb9de0a002abd7351bc365c7a9b586d71034df92824fd45d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C51C537604A8592EB209F29E80016E7B65FB84B98F684536EF4D877D6CF3CD846C340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                                                                    			E00007FF67FF6B0AA8E74(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r9, signed int __r12, long long _a8, long long _a16, signed int* _a24, long long _a32) {
                                                                                                                                                                                                    				signed int* _v40;
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				signed int* _t75;
                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                    				intOrPtr _t96;
                                                                                                                                                                                                    				signed int* _t99;
                                                                                                                                                                                                    				signed int* _t102;
                                                                                                                                                                                                    				void* _t110;
                                                                                                                                                                                                    				intOrPtr _t111;
                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t110 = __r9;
                                                                                                                                                                                                    				_t108 = __r8;
                                                                                                                                                                                                    				_t104 = __rbp;
                                                                                                                                                                                                    				_t91 = __rdx;
                                                                                                                                                                                                    				_t81 = __rcx;
                                                                                                                                                                                                    				_t80 = __rbx;
                                                                                                                                                                                                    				_t75 = __rax;
                                                                                                                                                                                                    				_t64 = __esi;
                                                                                                                                                                                                    				_t63 = __edi;
                                                                                                                                                                                                    				_t50 = __ebx;
                                                                                                                                                                                                    				_a8 = __rsi;
                                                                                                                                                                                                    				_a16 = __rdi;
                                                                                                                                                                                                    				_a32 = __r12;
                                                                                                                                                                                                    				_t115 = __rdx;
                                                                                                                                                                                                    				r14d = __ecx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t65 = __ecx - 5;
                                                                                                                                                                                                    				if (__ecx - 5 <= 0) goto 0xb0aa8ec1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v56 = _v56 & __r12;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rbx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0aa9077;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(0, _t65, __rax);
                                                                                                                                                                                                    				_t102 = _t75;
                                                                                                                                                                                                    				_a24 = _t75;
                                                                                                                                                                                                    				E00007FF67FF6B0AA819C(_t75);
                                                                                                                                                                                                    				_t102[0x32] = _t102[0x32] | 0x00000010;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t80, _t81, _t91, __rdi, _t102, _t104);
                                                                                                                                                                                                    				_t99 = _t75;
                                                                                                                                                                                                    				if (_t75 == 0) goto 0xb0aa906d;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				_t92 = _t102[0x30];
                                                                                                                                                                                                    				if (_t92 == 0) goto 0xb0aa8f2b;
                                                                                                                                                                                                    				if (_t99 == _t92) goto 0xb0aa8f2b;
                                                                                                                                                                                                    				r8d = 0x160;
                                                                                                                                                                                                    				_t36 = E00007FF67FF6B0AAAE90(0xc, _t99 - _t92, _t99, _t92, _t108);
                                                                                                                                                                                                    				 *_t99 =  *_t99 & 0x00000000;
                                                                                                                                                                                                    				E00007FF67FF6B0AA8004(_t36, _t99, _t108);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				_t109 = _t115;
                                                                                                                                                                                                    				E00007FF67FF6B0AA8C50(_t50, 0xc, r14d, _t99, _t92, _t115, _t110); // executed
                                                                                                                                                                                                    				_v40 = _t75;
                                                                                                                                                                                                    				if (_t75 == 0) goto 0xb0aa905f;
                                                                                                                                                                                                    				if (_t115 == 0) goto 0xb0aa8f82;
                                                                                                                                                                                                    				E00007FF67FF6B0AABBE0(0xc, _t115, 0xb0ae0a20);
                                                                                                                                                                                                    				_t56 =  *0xb0ae30bc; // 0x0
                                                                                                                                                                                                    				r13d = 1;
                                                                                                                                                                                                    				_t57 =  !=  ? r13d : _t56;
                                                                                                                                                                                                    				 *0xb0ae30bc =  !=  ? r13d : _t56;
                                                                                                                                                                                                    				goto 0xb0aa8f88;
                                                                                                                                                                                                    				r13d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				_t11 =  &(_t102[0x30]); // 0xc0
                                                                                                                                                                                                    				E00007FF67FF6B0AA809C(E00007FF67FF6B0AA8144(_t63, _t64, _t75, _t11, _t99, _t102), _t99, _t115);
                                                                                                                                                                                                    				if ((_t102[0x32] & 0x00000002) != 0) goto 0xb0aa9053;
                                                                                                                                                                                                    				if (( *0xb0ae0a10 & r13b) != 0) goto 0xb0aa9053;
                                                                                                                                                                                                    				E00007FF67FF6B0AA8144(_t63, _t64, _t75, 0xb0ae0b90, _t102[0x30], _t102);
                                                                                                                                                                                                    				_t96 =  *0xb0ae0b90; // 0x24b4b80
                                                                                                                                                                                                    				r8d = 0x18;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0xc,  *0xb0ae0a10 & r13b, 0xb0ae3ba0, _t96 + 0xc, _t115);
                                                                                                                                                                                                    				_t111 =  *0xb0ae0b90; // 0x24b4b80
                                                                                                                                                                                                    				 *0xb0ae3bb8 =  *((intOrPtr*)(_t111 + 4));
                                                                                                                                                                                                    				 *0xb0ae3bbc =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                    				 *0xb0ae0b98 =  *((intOrPtr*)(_t111 + 0x108));
                                                                                                                                                                                                    				 *0xb0ae1718 =  *((intOrPtr*)(_t111 + 0x158));
                                                                                                                                                                                                    				 *0xb0ae01f8 =  *((intOrPtr*)(_t111 + 0x128));
                                                                                                                                                                                                    				 *0xb0ae0440 =  *((intOrPtr*)(_t111 + 0x140));
                                                                                                                                                                                                    				 *0xb0ae1720 =  *((intOrPtr*)(_t111 + 0x10c));
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				goto 0xb0aa906d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA809C( *((intOrPtr*)(_t111 + 0x10c)), _t99, _t109);
                                                                                                                                                                                                    				_t49 = E00007FF67FF6B0AA7E88(_t80, _t99, _t102, _t109);
                                                                                                                                                                                                    				_t102[0x32] = _t102[0x32] & 0xffffffef;
                                                                                                                                                                                                    				return _t49;
                                                                                                                                                                                                    			}




















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lock$DecodePointer_errno_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4201827665-0
                                                                                                                                                                                                    • Opcode ID: f69661139c2ccdaea8614eccadf113ca2f6b788d7e3362209dbcf903ea8732cd
                                                                                                                                                                                                    • Instruction ID: c1873001b1f5955fb0dfacc17a72496c9a9ccb2adf688936bbc82030d515f755
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f69661139c2ccdaea8614eccadf113ca2f6b788d7e3362209dbcf903ea8732cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26515933A19642A6F754EB29A840BBAAA91FF44784F204939DF5E877D3DF3DE4418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 23%
                                                                                                                                                                                                    			E00007FF67FF6B0AABAD8(long* __rax, void* __rcx, void* __rdx, void* __rdi, void* __rsi) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				intOrPtr _t5;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				long _t8;
                                                                                                                                                                                                    				long* _t21;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				long* _t23;
                                                                                                                                                                                                    				void* _t31;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t30 = __rsi;
                                                                                                                                                                                                    				_t29 = __rdi;
                                                                                                                                                                                                    				_t21 = __rax;
                                                                                                                                                                                                    				E00007FF67FF6B0AA5910(__rax); // executed
                                                                                                                                                                                                    				_t5 = E00007FF67FF6B0AAFD50(_t22, __rdi, __rsi);
                                                                                                                                                                                                    				if (_t5 == 0) goto 0xb0aabb4c;
                                                                                                                                                                                                    				__imp__FlsAlloc();
                                                                                                                                                                                                    				 *0xb0ae0810 = _t5;
                                                                                                                                                                                                    				if (_t5 == 0xffffffff) goto 0xb0aabb4c;
                                                                                                                                                                                                    				_t6 = E00007FF67FF6B0AAA5E0(_t22, 0x7ff6b0aab960, __rdx, _t29, _t30, _t31);
                                                                                                                                                                                                    				_t23 = _t21;
                                                                                                                                                                                                    				if (_t21 == 0) goto 0xb0aabb4c;
                                                                                                                                                                                                    				__imp__FlsSetValue();
                                                                                                                                                                                                    				if (_t6 == 0) goto 0xb0aabb4c;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB804(_t23, _t23, _t21);
                                                                                                                                                                                                    				_t8 = GetCurrentThreadId();
                                                                                                                                                                                                    				_t23[2] = _t23[2] | 0xffffffff;
                                                                                                                                                                                                    				 *_t23 = _t8;
                                                                                                                                                                                                    				goto 0xb0aabb53;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB7DC(_t23, _t23, _t21);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA5910: _initp_misc_winsig.LIBCMT ref: 00007FF6B0AA5949
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA5910: EncodePointer.KERNEL32(?,?,00000000,00007FF6B0AABAE3,?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AA5965
                                                                                                                                                                                                    • FlsAlloc.KERNEL32(?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AABAF3
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AAA5E0: Sleep.KERNEL32(?,?,?,00007FF6B0AAB8EB,?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871), ref: 00007FF6B0AAA625
                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AABB24
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FF6B0AABB38
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lock$AllocCurrentEncodePointerSleepThreadValue_initp_misc_winsig
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 54287522-0
                                                                                                                                                                                                    • Opcode ID: de95eaae2b1d1c57757afb457a2a3e14f08f94a5831e49998ee3f3ac3efbfa47
                                                                                                                                                                                                    • Instruction ID: 97d96f7cc56d8e4e3ed1808d43071441da83f26b4d3d2ed40416b49075cbf726
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de95eaae2b1d1c57757afb457a2a3e14f08f94a5831e49998ee3f3ac3efbfa47
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8701A222E2920365FB546B7C98042B97B90AF44720F244F34C73DC53E7EE2CE8808320
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF67FF6B0AB4664(void* __eax, long long __rbx, signed long long __rcx, signed long long __rdx, void* __rsi, void* __rbp, intOrPtr* __r8, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                                                                    				intOrPtr* _t36;
                                                                                                                                                                                                    				signed long long _t38;
                                                                                                                                                                                                    				signed long long _t42;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __rdx;
                                                                                                                                                                                                    				_t38 = __rcx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t36 = __r8;
                                                                                                                                                                                                    				_t42 = __rdx;
                                                                                                                                                                                                    				if (__rcx == 0) goto 0xb0ab46ab;
                                                                                                                                                                                                    				_t2 = _t41 - 0x20; // -32
                                                                                                                                                                                                    				_t34 = _t2;
                                                                                                                                                                                                    				if (_t34 - __rdx >= 0) goto 0xb0ab46ab;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t34);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t34 = 0xc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t34, __r8, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab4708;
                                                                                                                                                                                                    				_t44 =  ==  ? _t34 : _t42 * _t38;
                                                                                                                                                                                                    				if (( ==  ? _t34 : _t42 * _t38) - 0xffffffe0 > 0) goto 0xb0ab46db;
                                                                                                                                                                                                    				RtlAllocateHeap(??, ??, ??); // executed
                                                                                                                                                                                                    				if (_t34 != 0) goto 0xb0ab4708;
                                                                                                                                                                                                    				if ( *0xb0ae3b98 == 0) goto 0xb0ab46fd;
                                                                                                                                                                                                    				_t19 = E00007FF67FF6B0AABC98(_t34,  ==  ? _t34 : _t42 * _t38);
                                                                                                                                                                                                    				if (_t19 != 0) goto 0xb0ab46bb;
                                                                                                                                                                                                    				if (_t36 == 0) goto 0xb0ab46a7;
                                                                                                                                                                                                    				 *_t36 = 0xc;
                                                                                                                                                                                                    				goto 0xb0ab46a7;
                                                                                                                                                                                                    				if (_t36 == 0) goto 0xb0ab4708;
                                                                                                                                                                                                    				 *_t36 = 0xc;
                                                                                                                                                                                                    				return _t19;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.LIBCMT ref: 00007FF6B0AB4687
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA4430: DecodePointer.KERNEL32 ref: 00007FF6B0AA4457
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,?,?,?,00000000,00007FF6B0AAA613,?,?,?,00007FF6B0AAB8EB,?,?,?,00007FF6B0AA78B5), ref: 00007FF6B0AB46D0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateDecodeHeapPointer_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 15861996-0
                                                                                                                                                                                                    • Opcode ID: b0e852ac2ae4dd9ee59b8914b12bc75567783781675997a08f6f7f30866a8375
                                                                                                                                                                                                    • Instruction ID: d7abf14d049192638db7636e022615ba76b411b48c2e68c0d48d73fc3596980e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0e852ac2ae4dd9ee59b8914b12bc75567783781675997a08f6f7f30866a8375
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D311C123B1964AA2FF144B2CD6157796BD59F85BA4F188E30CF1E86BC6DF3CA4408200
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                                                                    			E00007FF67FF6B0ACB620(void* __ebx, long long __rax, void* __rcx, void* __rsi, void* __rbp, void* __r10) {
                                                                                                                                                                                                    				long long _v24;
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				short _v48;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long _t12;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long long _t26;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t26 = __rax;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x18)) - 3 < 0) goto 0xb0acb6a6;
                                                                                                                                                                                                    				_t33 = __rcx;
                                                                                                                                                                                                    				E00007FF67FF6B0ACB410(__ebx, _t19, _t20,  *((long long*)(__rcx + 0x18)) - 3, _t27,  &_v56, __rcx, __rbp, _t36, __r10);
                                                                                                                                                                                                    				if ( *((long long*)(_t26 + 0x20)) - 8 < 0) goto 0xb0acb647;
                                                                                                                                                                                                    				goto 0xb0acb64b;
                                                                                                                                                                                                    				_t12 = GetFileAttributesW(??); // executed
                                                                                                                                                                                                    				if (_v24 - 8 < 0) goto 0xb0acb665;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t26, _t27, _v48, _t33, __rsi, _t36, _t37);
                                                                                                                                                                                                    				_v24 = 7;
                                                                                                                                                                                                    				_v32 = _t26;
                                                                                                                                                                                                    				_v48 = 0;
                                                                                                                                                                                                    				if (_t12 != 0xffffffff) goto 0xb0acb692;
                                                                                                                                                                                                    				if (GetLastError() != 0x20) goto 0xb0acb6a6;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1799206407-0
                                                                                                                                                                                                    • Opcode ID: 8bc7ac336bc4565f4dd3e229d3f68aa04ac1717867004368b237860524ec1113
                                                                                                                                                                                                    • Instruction ID: 10f43fef2c292f83c8aa5aef11c151c5721e2770756e48bb16f8ea610d05791a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bc7ac336bc4565f4dd3e229d3f68aa04ac1717867004368b237860524ec1113
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C01DE23E28941A2EF308B28E8847787BA1EB90714F5A0A30D75DD63E2DF3DD9D49700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF67FF6B0AAC6C8(void* __edi, void* __ebp, intOrPtr* __rax, long long __rbx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				intOrPtr* _t24;
                                                                                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                                                                                    				long long _t27;
                                                                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rbx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				GetEnvironmentStringsW();
                                                                                                                                                                                                    				_t34 = __rax;
                                                                                                                                                                                                    				if (__rax != __rbx) goto 0xb0aac6f0;
                                                                                                                                                                                                    				goto 0xb0aac73c;
                                                                                                                                                                                                    				if ( *__rax == 0) goto 0xb0aac707;
                                                                                                                                                                                                    				_t24 = __rax + 2;
                                                                                                                                                                                                    				if ( *_t24 != 0) goto 0xb0aac6f5;
                                                                                                                                                                                                    				_t25 = _t24 + 2;
                                                                                                                                                                                                    				if ( *_t25 != 0) goto 0xb0aac6f5;
                                                                                                                                                                                                    				_t39 = 0 - __edi + 2;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t25, __rbx, 0 - __edi + 2, __rsi, 0 - __edi + 2); // executed
                                                                                                                                                                                                    				if (_t25 == _t27) goto 0xb0aac730;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(_t15, _t25 - _t27, _t25, _t34, _t39);
                                                                                                                                                                                                    				return FreeEnvironmentStringsW(??);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,00000001,00007FF6B0AA4777), ref: 00007FF6B0AAC6DC
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?,?,00000001,00007FF6B0AA4777), ref: 00007FF6B0AAC733
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3328510275-0
                                                                                                                                                                                                    • Opcode ID: e9e2d5b3a4917f75dcd00ab3f1514e9b6828666610862c6d897de6f71c12553c
                                                                                                                                                                                                    • Instruction ID: 3436254393b5e646dc37abf905d29f81062e14f99e6bed6b9192ddcdc46edc25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9e2d5b3a4917f75dcd00ab3f1514e9b6828666610862c6d897de6f71c12553c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E01A713F0934295FEA0AF5AA54517A6BA0EF54FC0F584D30DB4D937D6DE2CE5818740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00007FF67FF6B0AA5910(long long __rax) {
                                                                                                                                                                                                    				void* _t2;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				E00007FF67FF6B0AAB7B0(); // executed
                                                                                                                                                                                                    				_t10 = E00007FF67FF6B0AB016C(E00007FF67FF6B0ABA280(E00007FF67FF6B0AB0188(E00007FF67FF6B0AB0428(E00007FF67FF6B0AAFD2C(E00007FF67FF6B0AA4300(E00007FF67FF6B0AB0430(E00007FF67FF6B0AABC90(_t2, __rax), __rax), __rax), __rax), __rax), __rax)), __rax);
                                                                                                                                                                                                    				0xb0aab7a8();
                                                                                                                                                                                                    				 *0xb0ae0200 = __rax;
                                                                                                                                                                                                    				return _t10;
                                                                                                                                                                                                    			}






                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _initp_misc_winsig.LIBCMT ref: 00007FF6B0AA5949
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AB016C: EncodePointer.KERNEL32(?,?,?,?,00007FF6B0AA595E,?,?,00000000,00007FF6B0AABAE3,?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AB0177
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,00000000,00007FF6B0AABAE3,?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AA5965
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodePointer$_initp_misc_winsig
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 190222155-0
                                                                                                                                                                                                    • Opcode ID: 74bf83648d0d11f1f7dce34e57aca7fdbc386c1892a025d5a760b0d6547989f4
                                                                                                                                                                                                    • Instruction ID: cc8b505a1d633c6febc4d5ec1971aa87effc7f456d78189d5418c3f68055ec4d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74bf83648d0d11f1f7dce34e57aca7fdbc386c1892a025d5a760b0d6547989f4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CF0C002E6920B70F848BB6A78624FD1E544FC6B80F582934EB0FDA3D3DD2CE0414380
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$CreateInformation
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1774340351-0
                                                                                                                                                                                                    • Opcode ID: a0f4fcd3cb0a49994bd9f38eb5e0d86323c9ca9cc061fcc2852eb2b41b563da2
                                                                                                                                                                                                    • Instruction ID: ac038447a4ac1bed36833bf61e6441e47b31600a64b425231036de65d06e85e9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0f4fcd3cb0a49994bd9f38eb5e0d86323c9ca9cc061fcc2852eb2b41b563da2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CE0D876E2674152F7889B19940D7653550FF48340F904438DF4E82794DF3CC140CA00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AAC308(signed int __eax, void* __ecx, long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				void* _t22;
                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                    				signed long long _t46;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				long long _t51;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				signed long long _t72;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t67 = __rsi;
                                                                                                                                                                                                    				_t63 = __rdi;
                                                                                                                                                                                                    				_t61 = __rdx;
                                                                                                                                                                                                    				_t46 = _t72;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x10)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t46 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t49 =  *0xb0ae3058; // 0x0
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				if (_t49 != _t77) goto 0xb0aac350;
                                                                                                                                                                                                    				goto 0xb0aac40b;
                                                                                                                                                                                                    				if ((__eax | 0xffffffff) == 0x3d) goto 0xb0aac343;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFD34(__eax | 0xffffffff, _t49);
                                                                                                                                                                                                    				if (( *(_t49 + 2 + _t46 * 2) & 0x0000ffff) != r12w) goto 0xb0aac33b;
                                                                                                                                                                                                    				_t8 = _t63 + 1; // 0x1
                                                                                                                                                                                                    				_t22 = E00007FF67FF6B0AAA5E0(_t49 + 2 + _t46 * 2, _t8, __rdx, __rdi, __rsi, __rbp);
                                                                                                                                                                                                    				_t64 = _t46;
                                                                                                                                                                                                    				 *0xb0ae3090 = _t46;
                                                                                                                                                                                                    				if (_t46 == _t77) goto 0xb0aac333;
                                                                                                                                                                                                    				_t51 =  *0xb0ae3058; // 0x0
                                                                                                                                                                                                    				if ( *_t51 == r12w) goto 0xb0aac3ed;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFD34(_t22, _t51);
                                                                                                                                                                                                    				_t9 = _t46 + 1; // 0x1
                                                                                                                                                                                                    				_t35 = _t9;
                                                                                                                                                                                                    				if ( *_t51 == 0x3d) goto 0xb0aac3d9;
                                                                                                                                                                                                    				_t70 = _t35;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t51, _t35, _t61, _t64, _t67, _t35); // executed
                                                                                                                                                                                                    				 *_t64 = _t46;
                                                                                                                                                                                                    				if (_t46 == _t77) goto 0xb0aac426;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA5EE0(_t46, _t51, _t46, _t70, _t51) == r12d) goto 0xb0aac3d5;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v24 = _t77;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t51 + _t35 * 2)) != r12w) goto 0xb0aac385;
                                                                                                                                                                                                    				free(_t77);
                                                                                                                                                                                                    				 *0xb0ae3058 = _t77;
                                                                                                                                                                                                    				 *(_t64 + 8) = _t77;
                                                                                                                                                                                                    				 *0xb0ae9c04 = 1;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0aac3f5
                                                                                                                                                                                                    0x7ff6b0aac3fc
                                                                                                                                                                                                    0x7ff6b0aac3ff
                                                                                                                                                                                                    0x7ff6b0aac425

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: c1d1efebb4359f288f5ab5fbc08614582816a885133ec421e98c48bdfdb18eab
                                                                                                                                                                                                    • Instruction ID: 0abbe834710494bf9dc30dd6b02cd9156122526e356989167ebdb09d43c09ce6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1d1efebb4359f288f5ab5fbc08614582816a885133ec421e98c48bdfdb18eab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56318023A19642A1FB64AB29E4052797BA4FB84BC0F688931DB4D877E7DF7CE451C304
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF6B0AAA593
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _FF_MSGBANNER.LIBCMT ref: 00007FF6B0AA48E0
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6B0AAA598,?,?,00000000,00007FF6B0AAFED9,?,?,?,00007FF6B0AAFF83), ref: 00007FF6B0AA4905
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _errno.LIBCMT ref: 00007FF6B0AA4929
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _errno.LIBCMT ref: 00007FF6B0AA4934
                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,00000000,00007FF6B0AAFED9,?,?,?,00007FF6B0AAFF83), ref: 00007FF6B0AAA5AA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$AllocateHeapSleepmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4275769124-0
                                                                                                                                                                                                    • Opcode ID: bd13dfa245dfbbdecbc5965e138b5fdfee0d4ec3a6d1675b05ac1045423cc446
                                                                                                                                                                                                    • Instruction ID: 9c552d3687158eedda260aa4cf51a1f9538bea9d062827eaf252b62ebb8cc353
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd13dfa245dfbbdecbc5965e138b5fdfee0d4ec3a6d1675b05ac1045423cc446
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F0C833E1868696E6459F19B44003D77E0FB94B90F644A74EB5D47786CF3CE8518740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,00000001,00007FF6B0AA56CF,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AB003D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2118026453-0
                                                                                                                                                                                                    • Opcode ID: bfac969eb8d0f6839c0f34c126e53fdce9e834d7b244de2d6ab758f89b9f9e62
                                                                                                                                                                                                    • Instruction ID: 1e56b051e42daeb8ddf244c6c917bd5886cdd0b0ae85179655168f54554d0da5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfac969eb8d0f6839c0f34c126e53fdce9e834d7b244de2d6ab758f89b9f9e62
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBD05B33F7454591DB415B25F59026C27A4EBC57D4F688031D75C47756CD3CC556C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                                                    			E00007FF67FF6B0AAA5E0(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				long long _t29;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				long _t41;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t29 = __rdi;
                                                                                                                                                                                                    				_t20 = _t37;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x10)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t20 + 0x20)) = __rdi;
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t11 = E00007FF67FF6B0AB4664(_t10, __rbx, __rcx, __rdx, __rdx, __rcx, _t40); // executed
                                                                                                                                                                                                    				if (_t20 != 0) goto 0xb0aaa645;
                                                                                                                                                                                                    				_t17 =  *0xb0ae30c0 - _t11; // 0x0
                                                                                                                                                                                                    				if (_t17 <= 0) goto 0xb0aaa645;
                                                                                                                                                                                                    				Sleep(_t41);
                                                                                                                                                                                                    				_t5 = _t29 + 0x3e8; // 0x3e8
                                                                                                                                                                                                    				r11d = _t5;
                                                                                                                                                                                                    				_t15 =  >  ? r12d : r11d;
                                                                                                                                                                                                    				_t19 = ( >  ? r12d : r11d) - r12d;
                                                                                                                                                                                                    				if (( >  ? r12d : r11d) != r12d) goto 0xb0aaa605;
                                                                                                                                                                                                    				return _t11;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,?,00007FF6B0AAB8EB,?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871), ref: 00007FF6B0AAA625
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1068366078-0
                                                                                                                                                                                                    • Opcode ID: e0c6aa7e01e015a0de39a721ee99d897d7ef22429643003cfd3a104248ad44f7
                                                                                                                                                                                                    • Instruction ID: 0490408e64e1972ce946f7094601d5cfa1e55c0538174676ff09ce52c652a43d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0c6aa7e01e015a0de39a721ee99d897d7ef22429643003cfd3a104248ad44f7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D701A223A24B8596EA449F1A9804129BBA1FB98FD0B194575EF5D43B91CF3CE851CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF67FF6B0AB8D70(void* __ebx, long long __rbx, long long __rcx, void* __rdx, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				intOrPtr _t137;
                                                                                                                                                                                                    				char _t156;
                                                                                                                                                                                                    				intOrPtr _t158;
                                                                                                                                                                                                    				intOrPtr* _t165;
                                                                                                                                                                                                    				long long _t174;
                                                                                                                                                                                                    				intOrPtr* _t180;
                                                                                                                                                                                                    				intOrPtr* _t183;
                                                                                                                                                                                                    				intOrPtr _t184;
                                                                                                                                                                                                    				intOrPtr* _t185;
                                                                                                                                                                                                    				intOrPtr* _t189;
                                                                                                                                                                                                    				intOrPtr* _t190;
                                                                                                                                                                                                    				intOrPtr _t202;
                                                                                                                                                                                                    				long long _t209;
                                                                                                                                                                                                    				intOrPtr _t213;
                                                                                                                                                                                                    				void* _t214;
                                                                                                                                                                                                    				void* _t216;
                                                                                                                                                                                                    				intOrPtr* _t217;
                                                                                                                                                                                                    				intOrPtr _t219;
                                                                                                                                                                                                    				intOrPtr _t222;
                                                                                                                                                                                                    				intOrPtr* _t223;
                                                                                                                                                                                                    				long long _t224;
                                                                                                                                                                                                    				void* _t226;
                                                                                                                                                                                                    				intOrPtr* _t229;
                                                                                                                                                                                                    				intOrPtr _t230;
                                                                                                                                                                                                    				void* _t232;
                                                                                                                                                                                                    				intOrPtr* _t236;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				void* _t240;
                                                                                                                                                                                                    				void* _t255;
                                                                                                                                                                                                    				intOrPtr _t256;
                                                                                                                                                                                                    				intOrPtr _t258;
                                                                                                                                                                                                    				void* _t260;
                                                                                                                                                                                                    				void* _t264;
                                                                                                                                                                                                    				intOrPtr* _t266;
                                                                                                                                                                                                    				intOrPtr* _t268;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    				intOrPtr _t271;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t244 = __r9;
                                                                                                                                                                                                    				_t242 = __r8;
                                                                                                                                                                                                    				_t214 = __rdx;
                                                                                                                                                                                                    				_t122 = __ebx;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 8)) = __rcx;
                                                                                                                                                                                                    				_t240 = _t239 - 0x90;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x20)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xe8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(__rcx)) = 0xb0ad3d10;
                                                                                                                                                                                                    				_t217 =  *((intOrPtr*)(__rcx + 0x80));
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)(__rcx + 0x88)) <= 0) goto 0xb0ab8dba;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t183 =  *((intOrPtr*)(__rcx + 0x68));
                                                                                                                                                                                                    				_t256 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x80)) - _t256 <= 0) goto 0xb0ab8dd3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t183 == 0) goto 0xb0ab8de1;
                                                                                                                                                                                                    				if (_t183 ==  *((intOrPtr*)(__rcx + 0x68))) goto 0xb0ab8de6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t217 == _t256) goto 0xb0ab8eb1;
                                                                                                                                                                                                    				if (_t183 != 0) goto 0xb0ab8dfe;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8e01;
                                                                                                                                                                                                    				_t135 = _t217 -  *((intOrPtr*)( *_t183 + 0x20));
                                                                                                                                                                                                    				if (_t135 < 0) goto 0xb0ab8e0c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				asm("lock xadd [esi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t135 < 0) goto 0xb0ab8e66;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0xb0ab8e66;
                                                                                                                                                                                                    				asm("lock bts dword [esi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0xb0ab8e66;
                                                                                                                                                                                                    				_t137 =  *((intOrPtr*)( *((intOrPtr*)(_t217 + 8)) + 8));
                                                                                                                                                                                                    				if (_t137 != 0) goto 0xb0ab8e5d;
                                                                                                                                                                                                    				E00007FF67FF6B0A93F90(0, 0, 0xb0ad3d10,  *((intOrPtr*)(_t217 + 8)), __r9);
                                                                                                                                                                                                    				asm("lock dec esp");
                                                                                                                                                                                                    				if (_t137 == 0) goto 0xb0ab8e5a;
                                                                                                                                                                                                    				CloseHandle(_t270);
                                                                                                                                                                                                    				goto 0xb0ab8e5d;
                                                                                                                                                                                                    				SetEvent(_t264);
                                                                                                                                                                                                    				if (_t183 != 0) goto 0xb0ab8e75;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8e78;
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)( *_t183 + 0x20)) < 0) goto 0xb0ab8e83;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AB8BD0(_t122, 0, 0xb0ad3d10, _t183,  *_t217, _t214,  *((intOrPtr*)(_t217 + 8)), 0xb0ad3d10, __r8, __r9, _t260, _t255);
                                                                                                                                                                                                    				if (_t183 != 0) goto 0xb0ab8e9a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8e9d;
                                                                                                                                                                                                    				if (_t217 -  *((intOrPtr*)( *_t183 + 0x20)) < 0) goto 0xb0ab8ea8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0ab8dd7;
                                                                                                                                                                                                    				_t266 =  *((intOrPtr*)(_t240 + 0xd0)) + 0x98;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xe0)) = _t266;
                                                                                                                                                                                                    				_t236 =  *((intOrPtr*)(_t266 + 0x18));
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)(_t266 + 0x20)) <= 0) goto 0xb0ab8ed7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t229 =  *_t266;
                                                                                                                                                                                                    				_t271 =  *((intOrPtr*)(_t266 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t266 + 0x18)) - _t271 <= 0) goto 0xb0ab8ee9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t229 == 0) goto 0xb0ab8efa;
                                                                                                                                                                                                    				if (_t229 ==  *_t266) goto 0xb0ab8eff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t236 == _t271) goto 0xb0ab907f;
                                                                                                                                                                                                    				if (_t229 != 0) goto 0xb0ab8f17;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8f1a;
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)( *_t229 + 0x20)) < 0) goto 0xb0ab8f25;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t184 =  *_t236;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x28)) = _t184 + 0x30;
                                                                                                                                                                                                    				 *((char*)(_t240 + 0x30)) = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AB89A0(0, 0, _t184 + 0x30, _t240 + 0x28, _t217 + 0x10, _t229, _t236, __r8, __r9);
                                                                                                                                                                                                    				 *((char*)(_t184 + 0x28)) = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AB8BD0(_t122, 0, _t184 + 0x30, _t184, _t184 + 0x40, _t214, _t229, _t236, __r8, __r9, _t216, _t226);
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x48)) =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0xb8))));
                                                                                                                                                                                                    				_t174 =  *((intOrPtr*)(_t184 + 0x90));
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x40)) = _t174;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_t185 =  *((intOrPtr*)(_t240 + 0x50));
                                                                                                                                                                                                    				_t219 =  *((intOrPtr*)(_t240 + 0x58));
                                                                                                                                                                                                    				if (_t185 == 0) goto 0xb0ab8f9a;
                                                                                                                                                                                                    				if (_t185 == _t174) goto 0xb0ab8f9f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t219 ==  *((intOrPtr*)(_t184 + 0xb8))) goto 0xb0ab8fec;
                                                                                                                                                                                                    				if (_t185 != 0) goto 0xb0ab8fb3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8fb6;
                                                                                                                                                                                                    				if (_t219 !=  *((intOrPtr*)( *_t185 + 0x28))) goto 0xb0ab8fc1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AB8BD0(_t122, 0, _t174, _t185,  *((intOrPtr*)(_t219 + 0x10)), _t214, _t229, _t236, __r8, __r9);
                                                                                                                                                                                                    				if (_t185 != 0) goto 0xb0ab8fd9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8fdc;
                                                                                                                                                                                                    				if (_t219 !=  *((intOrPtr*)( *_t185 + 0x28))) goto 0xb0ab8fe7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0ab8f90;
                                                                                                                                                                                                    				_t156 =  *((char*)(_t240 + 0x30));
                                                                                                                                                                                                    				if (_t156 == 0) goto 0xb0ab9059;
                                                                                                                                                                                                    				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                    				asm("bt ecx, 0x1e");
                                                                                                                                                                                                    				if (_t156 < 0) goto 0xb0ab9059;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0xb0ab9059;
                                                                                                                                                                                                    				asm("lock bts dword [eax], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0xb0ab9059;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)( *((intOrPtr*)(_t240 + 0x28)) + 8));
                                                                                                                                                                                                    				if (_t158 != 0) goto 0xb0ab9050;
                                                                                                                                                                                                    				E00007FF67FF6B0A93F90(0, 0,  *((intOrPtr*)(_t240 + 0x28)), _t229, __r9);
                                                                                                                                                                                                    				asm("lock dec esp");
                                                                                                                                                                                                    				if (_t158 == 0) goto 0xb0ab904d;
                                                                                                                                                                                                    				CloseHandle(_t232);
                                                                                                                                                                                                    				goto 0xb0ab9050;
                                                                                                                                                                                                    				SetEvent(??);
                                                                                                                                                                                                    				if (_t229 != 0) goto 0xb0ab9068;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab906b;
                                                                                                                                                                                                    				if (_t236 -  *((intOrPtr*)( *_t229 + 0x20)) < 0) goto 0xb0ab9076;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0ab8ef0;
                                                                                                                                                                                                    				_t258 =  *((intOrPtr*)(_t240 + 0xd0));
                                                                                                                                                                                                    				_t202 =  *((intOrPtr*)(_t258 + 0xc8));
                                                                                                                                                                                                    				_t268 =  *((intOrPtr*)(_t240 + 0xe0));
                                                                                                                                                                                                    				if (_t202 == 0) goto 0xb0ab90a9;
                                                                                                                                                                                                    				if (_t202 == 0xffffffff) goto 0xb0ab90a9;
                                                                                                                                                                                                    				CloseHandle(??);
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xd8)) = _t268;
                                                                                                                                                                                                    				_t222 =  *((intOrPtr*)(_t268 + 0x18));
                                                                                                                                                                                                    				if (_t222 == 0) goto 0xb0ab9105;
                                                                                                                                                                                                    				_t230 =  *((intOrPtr*)(_t268 + 0x20));
                                                                                                                                                                                                    				if (_t222 == _t230) goto 0xb0ab90fc;
                                                                                                                                                                                                    				_t223 = _t222 + 8;
                                                                                                                                                                                                    				_t189 =  *_t223;
                                                                                                                                                                                                    				_t165 = _t189;
                                                                                                                                                                                                    				if (_t165 == 0) goto 0xb0ab90ef;
                                                                                                                                                                                                    				asm("lock add dword [ebx+0x8], 0xffffffff");
                                                                                                                                                                                                    				if (_t165 != 0) goto 0xb0ab90ef;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t189 + 8))();
                                                                                                                                                                                                    				asm("lock add dword [ebx+0xc], 0xffffffff");
                                                                                                                                                                                                    				if (_t165 != 0) goto 0xb0ab90ef;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t189 + 0x10))();
                                                                                                                                                                                                    				_t224 = _t223 + 0x10;
                                                                                                                                                                                                    				if (_t224 - 8 != _t230) goto 0xb0ab90c7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t224 - 8, _t189,  *((intOrPtr*)(_t268 + 0x18)), _t214, _t230, __r8, __r9);
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x18)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x20)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x28)) = _t224;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t224 - 8, _t189,  *_t268, _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t258 + 0x80)) == 0) goto 0xb0ab912e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t224 - 8, _t189,  *((intOrPtr*)(_t258 + 0x80)), _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x80)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x88)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x90)) = _t224;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t224 - 8, _t189,  *((intOrPtr*)(_t258 + 0x68)), _t214, _t230, _t242, _t244);
                                                                                                                                                                                                    				_t190 = _t258 + 0x28;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0xd8)) = _t190;
                                                                                                                                                                                                    				_t64 = _t190 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				_t180 =  *_t64;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x58)) = _t180;
                                                                                                                                                                                                    				_t209 =  *_t190;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x50)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x48)) =  *_t180;
                                                                                                                                                                                                    				 *((long long*)(_t240 + 0x40)) = _t209;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				E00007FF67FF6B0A955C0(_t190, _t190, _t240 + 0x80, _t224, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				_t72 = _t190 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t180, _t190,  *_t72, _t240 + 0x80, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				 *((long long*)(_t190 + 0x30)) = _t224;
                                                                                                                                                                                                    				 *((long long*)(_t190 + 0x38)) = _t224;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t180, _t190,  *_t190, _t240 + 0x80, _t230, _t240 + 0x70, _t240 + 0x60);
                                                                                                                                                                                                    				_t213 =  *((intOrPtr*)(_t258 + 0x10));
                                                                                                                                                                                                    				if (_t213 == 0) goto 0xb0ab91dc;
                                                                                                                                                                                                    				if (_t213 == 0xffffffff) goto 0xb0ab91dc;
                                                                                                                                                                                                    				return CloseHandle(??);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0ab8e3a
                                                                                                                                                                                                    0x7ff6b0ab8e44
                                                                                                                                                                                                    0x7ff6b0ab8e4d
                                                                                                                                                                                                    0x7ff6b0ab8e52
                                                                                                                                                                                                    0x7ff6b0ab8e58
                                                                                                                                                                                                    0x7ff6b0ab8e60
                                                                                                                                                                                                    0x7ff6b0ab8e69
                                                                                                                                                                                                    0x7ff6b0ab8e6b
                                                                                                                                                                                                    0x7ff6b0ab8e70
                                                                                                                                                                                                    0x7ff6b0ab8e73
                                                                                                                                                                                                    0x7ff6b0ab8e7c
                                                                                                                                                                                                    0x7ff6b0ab8e7e
                                                                                                                                                                                                    0x7ff6b0ab8e86
                                                                                                                                                                                                    0x7ff6b0ab8e8e
                                                                                                                                                                                                    0x7ff6b0ab8e90
                                                                                                                                                                                                    0x7ff6b0ab8e95
                                                                                                                                                                                                    0x7ff6b0ab8e98
                                                                                                                                                                                                    0x7ff6b0ab8ea1
                                                                                                                                                                                                    0x7ff6b0ab8ea3
                                                                                                                                                                                                    0x7ff6b0ab8eac
                                                                                                                                                                                                    0x7ff6b0ab8eb9
                                                                                                                                                                                                    0x7ff6b0ab8ec0
                                                                                                                                                                                                    0x7ff6b0ab8ec8
                                                                                                                                                                                                    0x7ff6b0ab8ed0
                                                                                                                                                                                                    0x7ff6b0ab8ed2
                                                                                                                                                                                                    0x7ff6b0ab8ed7
                                                                                                                                                                                                    0x7ff6b0ab8eda
                                                                                                                                                                                                    0x7ff6b0ab8ee2
                                                                                                                                                                                                    0x7ff6b0ab8ee4
                                                                                                                                                                                                    0x7ff6b0ab8ef3
                                                                                                                                                                                                    0x7ff6b0ab8ef8
                                                                                                                                                                                                    0x7ff6b0ab8efa
                                                                                                                                                                                                    0x7ff6b0ab8f02
                                                                                                                                                                                                    0x7ff6b0ab8f0b
                                                                                                                                                                                                    0x7ff6b0ab8f0d
                                                                                                                                                                                                    0x7ff6b0ab8f12
                                                                                                                                                                                                    0x7ff6b0ab8f15
                                                                                                                                                                                                    0x7ff6b0ab8f1e
                                                                                                                                                                                                    0x7ff6b0ab8f20
                                                                                                                                                                                                    0x7ff6b0ab8f25
                                                                                                                                                                                                    0x7ff6b0ab8f2d
                                                                                                                                                                                                    0x7ff6b0ab8f32
                                                                                                                                                                                                    0x7ff6b0ab8f3c
                                                                                                                                                                                                    0x7ff6b0ab8f42
                                                                                                                                                                                                    0x7ff6b0ab8f4a
                                                                                                                                                                                                    0x7ff6b0ab8f59
                                                                                                                                                                                                    0x7ff6b0ab8f5e
                                                                                                                                                                                                    0x7ff6b0ab8f65
                                                                                                                                                                                                    0x7ff6b0ab8f6a
                                                                                                                                                                                                    0x7ff6b0ab8f6f
                                                                                                                                                                                                    0x7ff6b0ab8f7f
                                                                                                                                                                                                    0x7ff6b0ab8f84
                                                                                                                                                                                                    0x7ff6b0ab8f93
                                                                                                                                                                                                    0x7ff6b0ab8f98
                                                                                                                                                                                                    0x7ff6b0ab8f9a
                                                                                                                                                                                                    0x7ff6b0ab8fa2
                                                                                                                                                                                                    0x7ff6b0ab8fa7
                                                                                                                                                                                                    0x7ff6b0ab8fa9
                                                                                                                                                                                                    0x7ff6b0ab8fae
                                                                                                                                                                                                    0x7ff6b0ab8fb1
                                                                                                                                                                                                    0x7ff6b0ab8fba
                                                                                                                                                                                                    0x7ff6b0ab8fbc
                                                                                                                                                                                                    0x7ff6b0ab8fc5
                                                                                                                                                                                                    0x7ff6b0ab8fcd
                                                                                                                                                                                                    0x7ff6b0ab8fcf
                                                                                                                                                                                                    0x7ff6b0ab8fd4
                                                                                                                                                                                                    0x7ff6b0ab8fd7
                                                                                                                                                                                                    0x7ff6b0ab8fe0
                                                                                                                                                                                                    0x7ff6b0ab8fe2
                                                                                                                                                                                                    0x7ff6b0ab8fea
                                                                                                                                                                                                    0x7ff6b0ab8fec
                                                                                                                                                                                                    0x7ff6b0ab8ff1
                                                                                                                                                                                                    0x7ff6b0ab8ffd
                                                                                                                                                                                                    0x7ff6b0ab9001
                                                                                                                                                                                                    0x7ff6b0ab9005
                                                                                                                                                                                                    0x7ff6b0ab900d
                                                                                                                                                                                                    0x7ff6b0ab9014
                                                                                                                                                                                                    0x7ff6b0ab9019
                                                                                                                                                                                                    0x7ff6b0ab9024
                                                                                                                                                                                                    0x7ff6b0ab9027
                                                                                                                                                                                                    0x7ff6b0ab902d
                                                                                                                                                                                                    0x7ff6b0ab9037
                                                                                                                                                                                                    0x7ff6b0ab9040
                                                                                                                                                                                                    0x7ff6b0ab9045
                                                                                                                                                                                                    0x7ff6b0ab904b
                                                                                                                                                                                                    0x7ff6b0ab9053
                                                                                                                                                                                                    0x7ff6b0ab905c
                                                                                                                                                                                                    0x7ff6b0ab905e
                                                                                                                                                                                                    0x7ff6b0ab9063
                                                                                                                                                                                                    0x7ff6b0ab9066
                                                                                                                                                                                                    0x7ff6b0ab906f
                                                                                                                                                                                                    0x7ff6b0ab9071
                                                                                                                                                                                                    0x7ff6b0ab907a
                                                                                                                                                                                                    0x7ff6b0ab907f
                                                                                                                                                                                                    0x7ff6b0ab9087
                                                                                                                                                                                                    0x7ff6b0ab9092
                                                                                                                                                                                                    0x7ff6b0ab909a
                                                                                                                                                                                                    0x7ff6b0ab90a0
                                                                                                                                                                                                    0x7ff6b0ab90a2
                                                                                                                                                                                                    0x7ff6b0ab90a9
                                                                                                                                                                                                    0x7ff6b0ab90b1
                                                                                                                                                                                                    0x7ff6b0ab90b8
                                                                                                                                                                                                    0x7ff6b0ab90ba
                                                                                                                                                                                                    0x7ff6b0ab90c1
                                                                                                                                                                                                    0x7ff6b0ab90c3
                                                                                                                                                                                                    0x7ff6b0ab90c7
                                                                                                                                                                                                    0x7ff6b0ab90ca
                                                                                                                                                                                                    0x7ff6b0ab90cd
                                                                                                                                                                                                    0x7ff6b0ab90cf
                                                                                                                                                                                                    0x7ff6b0ab90d4
                                                                                                                                                                                                    0x7ff6b0ab90dc
                                                                                                                                                                                                    0x7ff6b0ab90df
                                                                                                                                                                                                    0x7ff6b0ab90e4
                                                                                                                                                                                                    0x7ff6b0ab90ec
                                                                                                                                                                                                    0x7ff6b0ab90ef
                                                                                                                                                                                                    0x7ff6b0ab90fa
                                                                                                                                                                                                    0x7ff6b0ab9100
                                                                                                                                                                                                    0x7ff6b0ab9107
                                                                                                                                                                                                    0x7ff6b0ab910b
                                                                                                                                                                                                    0x7ff6b0ab910f
                                                                                                                                                                                                    0x7ff6b0ab9116
                                                                                                                                                                                                    0x7ff6b0ab9127
                                                                                                                                                                                                    0x7ff6b0ab9129
                                                                                                                                                                                                    0x7ff6b0ab912e
                                                                                                                                                                                                    0x7ff6b0ab9136
                                                                                                                                                                                                    0x7ff6b0ab913e
                                                                                                                                                                                                    0x7ff6b0ab914b
                                                                                                                                                                                                    0x7ff6b0ab9151
                                                                                                                                                                                                    0x7ff6b0ab9156
                                                                                                                                                                                                    0x7ff6b0ab915e
                                                                                                                                                                                                    0x7ff6b0ab915e
                                                                                                                                                                                                    0x7ff6b0ab9162

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseHandle$Event
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2169016680-0
                                                                                                                                                                                                    • Opcode ID: ccb0c04af5b048eba43420b57f02c5b60818a04f1f3508e1cd6e1abe130cdd7e
                                                                                                                                                                                                    • Instruction ID: c8c862fdc3c32649aa53b40298b58c756c013770634448f05d34b775650f7be3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccb0c04af5b048eba43420b57f02c5b60818a04f1f3508e1cd6e1abe130cdd7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BD18F23A08A46A2EA60AB2DD44437DABA5FF48B90F554931EB5D977D7CF3CE441C310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF67FF6B0AB0EF0(void* __ebx, signed long long __ecx, signed int __esi, void* __rax, long long __rbx, void* __rcx, char* __rdx, void* __r8, void* __r11) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				int _t188;
                                                                                                                                                                                                    				int _t193;
                                                                                                                                                                                                    				signed int _t196;
                                                                                                                                                                                                    				char _t207;
                                                                                                                                                                                                    				signed int _t214;
                                                                                                                                                                                                    				signed int _t220;
                                                                                                                                                                                                    				int _t224;
                                                                                                                                                                                                    				long _t228;
                                                                                                                                                                                                    				void* _t234;
                                                                                                                                                                                                    				signed int _t236;
                                                                                                                                                                                                    				signed int _t237;
                                                                                                                                                                                                    				char _t250;
                                                                                                                                                                                                    				signed int _t283;
                                                                                                                                                                                                    				void* _t285;
                                                                                                                                                                                                    				signed int _t288;
                                                                                                                                                                                                    				signed int _t290;
                                                                                                                                                                                                    				signed long long _t360;
                                                                                                                                                                                                    				signed long long _t361;
                                                                                                                                                                                                    				intOrPtr _t364;
                                                                                                                                                                                                    				signed int* _t371;
                                                                                                                                                                                                    				signed int* _t386;
                                                                                                                                                                                                    				signed long long _t388;
                                                                                                                                                                                                    				intOrPtr* _t389;
                                                                                                                                                                                                    				void* _t390;
                                                                                                                                                                                                    				signed short* _t391;
                                                                                                                                                                                                    				signed long long _t392;
                                                                                                                                                                                                    				intOrPtr _t395;
                                                                                                                                                                                                    				intOrPtr _t408;
                                                                                                                                                                                                    				intOrPtr* _t417;
                                                                                                                                                                                                    				char* _t427;
                                                                                                                                                                                                    				intOrPtr _t430;
                                                                                                                                                                                                    				int _t442;
                                                                                                                                                                                                    				short* _t444;
                                                                                                                                                                                                    				char* _t445;
                                                                                                                                                                                                    				char* _t446;
                                                                                                                                                                                                    				short* _t449;
                                                                                                                                                                                                    				signed int* _t450;
                                                                                                                                                                                                    				int _t454;
                                                                                                                                                                                                    				intOrPtr* _t456;
                                                                                                                                                                                                    				signed short* _t457;
                                                                                                                                                                                                    				void* _t461;
                                                                                                                                                                                                    				signed long long _t462;
                                                                                                                                                                                                    				void* _t467;
                                                                                                                                                                                                    				void* _t474;
                                                                                                                                                                                                    				int _t476;
                                                                                                                                                                                                    				char* _t477;
                                                                                                                                                                                                    				void* _t479;
                                                                                                                                                                                                    				void* _t481;
                                                                                                                                                                                                    				signed long long _t483;
                                                                                                                                                                                                    				signed long long _t485;
                                                                                                                                                                                                    				void* _t489;
                                                                                                                                                                                                    				signed long long _t491;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t475 = __r11;
                                                                                                                                                                                                    				_t464 = __r8;
                                                                                                                                                                                                    				_t427 = __rdx;
                                                                                                                                                                                                    				_t283 = __esi;
                                                                                                                                                                                                    				_t234 = __ebx;
                                                                                                                                                                                                    				 *((long long*)(_t461 + 0x20)) = __rbx;
                                                                                                                                                                                                    				E00007FF67FF6B0ACC0A0(0x1b30, __rax, _t474, __r11);
                                                                                                                                                                                                    				_t462 = _t461 - __rax;
                                                                                                                                                                                                    				_t360 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t361 = _t360 ^ _t462;
                                                                                                                                                                                                    				 *(_t462 + 0x1b20) = _t361;
                                                                                                                                                                                                    				r13d = r8d;
                                                                                                                                                                                                    				_t477 = __rdx;
                                                                                                                                                                                                    				_t388 = __ecx;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = 0;
                                                                                                                                                                                                    				if (r8d != 0) goto 0xb0ab0f3c;
                                                                                                                                                                                                    				goto 0xb0ab1623;
                                                                                                                                                                                                    				if (__rdx != 0) goto 0xb0ab0f6f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t361);
                                                                                                                                                                                                    				 *_t361 =  *_t361 & 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t361);
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t361 = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t361, __ecx, __rcx, __rdx, _t444, _t454, __r8, _t489, _t481);
                                                                                                                                                                                                    				goto 0xb0ab1623;
                                                                                                                                                                                                    				_t483 = _t388 >> 5;
                                                                                                                                                                                                    				r15d = r15d & 0x0000001f;
                                                                                                                                                                                                    				_t395 =  *((intOrPtr*)(0xb0ae89e0 + _t483 * 8));
                                                                                                                                                                                                    				 *(_t462 + 0x50) = _t483;
                                                                                                                                                                                                    				_t491 = _t388 * 0x58;
                                                                                                                                                                                                    				sil =  *(_t491 + _t395 + 0x38);
                                                                                                                                                                                                    				sil = sil + sil;
                                                                                                                                                                                                    				sil = sil >> 1;
                                                                                                                                                                                                    				if (sil == 2) goto 0xb0ab0fa8;
                                                                                                                                                                                                    				if (sil != 1) goto 0xb0ab0fb1;
                                                                                                                                                                                                    				if (( !r13d & 0x00000001) == 0) goto 0xb0ab0f41;
                                                                                                                                                                                                    				if (( *(_t491 + _t395 + 8) & 0x00000020) == 0) goto 0xb0ab0fc6;
                                                                                                                                                                                                    				_t17 = _t427 + 2; // 0x2
                                                                                                                                                                                                    				r8d = _t17;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4D74(_t234, _t234, 0xb0ae89e0, _t388, _t427);
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB4F44(_t234, 0xb0ae89e0, _t388, _t444, _t454, _t464) == 0) goto 0xb0ab12c6;
                                                                                                                                                                                                    				_t364 =  *((intOrPtr*)(0xb0ae89e0 + _t483 * 8));
                                                                                                                                                                                                    				if (( *(_t491 + 0x7ff6b0ae89e8) & 0x00000080) == 0) goto 0xb0ab12c6;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t234,  *(_t491 + 0x7ff6b0ae89e8) & 0x00000080, _t364);
                                                                                                                                                                                                    				_t236 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t364 + 0xc0)) + 0x14)) == 0x00000000;
                                                                                                                                                                                                    				if (GetConsoleMode(_t479) == 0) goto 0xb0ab12c6;
                                                                                                                                                                                                    				if (_t236 == 0) goto 0xb0ab102f;
                                                                                                                                                                                                    				if (sil == 0) goto 0xb0ab12c6;
                                                                                                                                                                                                    				_t188 = GetConsoleCP();
                                                                                                                                                                                                    				 *(_t462 + 0x4c) =  *(_t462 + 0x4c) & 0;
                                                                                                                                                                                                    				_t389 = _t477;
                                                                                                                                                                                                    				 *(_t462 + 0x58) = _t188;
                                                                                                                                                                                                    				if (r13d == 0) goto 0xb0ab12c0;
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x58);
                                                                                                                                                                                                    				if (sil != 0) goto 0xb0ab11df;
                                                                                                                                                                                                    				_t250 =  *_t389;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t430 =  *((intOrPtr*)(0xb0ae89e0 +  *(_t462 + 0x50) * 8));
                                                                                                                                                                                                    				r14b = _t250 == 0xa;
                                                                                                                                                                                                    				if ( *(_t491 + _t430 + 0x50) == 0) goto 0xb0ab10a1;
                                                                                                                                                                                                    				 *((char*)(_t462 + 0x5d)) = _t250;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				 *((char*)(_t462 + 0x5c)) =  *((intOrPtr*)(_t491 + _t430 + 0x4c));
                                                                                                                                                                                                    				 *(_t491 + _t430 + 0x50) =  *(_t491 + _t430 + 0x50) & 0x00000000;
                                                                                                                                                                                                    				goto 0xb0ab10ea;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAFA14(_t250,  *(_t491 + _t430 + 0x50), 0xb0ae89e0, _t475) == 0) goto 0xb0ab10e1;
                                                                                                                                                                                                    				if (_t479 - _t389 + _t477 - 1 <= 0) goto 0xb0ab128f;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB554C(0, _t479 - _t389 + _t477 - 1, _t389, _t462 + 0x44, _t444, _t467) == 0xffffffff) goto 0xb0ab1252;
                                                                                                                                                                                                    				_t390 = _t389 + 1;
                                                                                                                                                                                                    				goto 0xb0ab10fd;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB554C(0, E00007FF67FF6B0AB554C(0, _t479 - _t389 + _t477 - 1, _t389, _t462 + 0x44, _t444, _t467) - 0xffffffff, _t390, _t462 + 0x44, _t444, _t467) == 0xffffffff) goto 0xb0ab1252;
                                                                                                                                                                                                    				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
                                                                                                                                                                                                    				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				r9d = 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x28)) = 5;
                                                                                                                                                                                                    				_t391 = _t390 + 1;
                                                                                                                                                                                                    				 *(_t462 + 0x20) = _t462 + 0x5c;
                                                                                                                                                                                                    				_t193 = WideCharToMultiByte(_t476, _t442, _t444, _t454);
                                                                                                                                                                                                    				_t288 = _t193;
                                                                                                                                                                                                    				if (_t193 == 0) goto 0xb0ab1252;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r8d = _t288;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab12b6;
                                                                                                                                                                                                    				if ( *(_t462 + 0x4c) - _t288 < 0) goto 0xb0ab1252;
                                                                                                                                                                                                    				if (r14d == 0) goto 0xb0ab1244;
                                                                                                                                                                                                    				_t371 =  *(_t462 + 0x50);
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x5c)) = bpl;
                                                                                                                                                                                                    				r8d = 0x7ff6b0ae89d4;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab12b6;
                                                                                                                                                                                                    				if ( *(_t462 + 0x4c) - 1 < 0) goto 0xb0ab1252;
                                                                                                                                                                                                    				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
                                                                                                                                                                                                    				goto 0xb0ab1244;
                                                                                                                                                                                                    				if (sil == 1) goto 0xb0ab11eb;
                                                                                                                                                                                                    				if (sil != 2) goto 0xb0ab1202;
                                                                                                                                                                                                    				_t196 =  *_t391 & 0x0000ffff;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				 *(_t462 + 0x44) = _t196;
                                                                                                                                                                                                    				r14b = _t196 == 0xa;
                                                                                                                                                                                                    				_t392 =  &(_t391[1]);
                                                                                                                                                                                                    				if (sil == 1) goto 0xb0ab120e;
                                                                                                                                                                                                    				if (sil != 2) goto 0xb0ab1244;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5A0C( *(_t462 + 0x44) & 0x0000ffff) !=  *(_t462 + 0x44)) goto 0xb0ab12b6;
                                                                                                                                                                                                    				if (r14d == 0) goto 0xb0ab1244;
                                                                                                                                                                                                    				 *(_t462 + 0x44) = 0xd;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5A0C(0xd) !=  *(_t462 + 0x44)) goto 0xb0ab12b6;
                                                                                                                                                                                                    				 *(_t462 + 0x40) =  *(_t462 + 0x40) + 1;
                                                                                                                                                                                                    				if (_t236 - r12d - r13d < 0) goto 0xb0ab1053;
                                                                                                                                                                                                    				_t237 =  *(_t462 + 0x4c);
                                                                                                                                                                                                    				_t290 =  *(_t462 + 0x40);
                                                                                                                                                                                                    				if (_t236 - r12d +  *(_t462 + 0x40) + 4 != 0) goto 0xb0ab161f;
                                                                                                                                                                                                    				if (_t237 == 0) goto 0xb0ab15e9;
                                                                                                                                                                                                    				if (_t237 != 5) goto 0xb0ab15dd;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t371);
                                                                                                                                                                                                    				 *_t371 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t371);
                                                                                                                                                                                                    				 *_t371 = _t237;
                                                                                                                                                                                                    				goto 0xb0ab0f67;
                                                                                                                                                                                                    				_t485 =  *(_t462 + 0x50);
                                                                                                                                                                                                    				 *((char*)(_t491 +  *((intOrPtr*)(0xb0ae89e0 + _t485 * 8)) + 0x4c)) =  *_t392;
                                                                                                                                                                                                    				 *(_t491 +  *((intOrPtr*)(0xb0ae89e0 + _t485 * 8)) + 0x50) = 1;
                                                                                                                                                                                                    				goto 0xb0ab125b;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0xb0ab1256;
                                                                                                                                                                                                    				goto 0xb0ab1267;
                                                                                                                                                                                                    				_t408 =  *((intOrPtr*)(0xb0ae89e0 + _t485 * 8));
                                                                                                                                                                                                    				if (( *(_t491 + _t408 + 8) & 0x00000080) == 0) goto 0xb0ab15a7;
                                                                                                                                                                                                    				_t456 = _t477;
                                                                                                                                                                                                    				if (sil != 0) goto 0xb0ab13bb;
                                                                                                                                                                                                    				if (r13d == 0) goto 0xb0ab15f0;
                                                                                                                                                                                                    				_t111 = _t392 + 0xd; // 0xd
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x40);
                                                                                                                                                                                                    				_t445 = _t462 + 0x720;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0xb0ab1336;
                                                                                                                                                                                                    				_t207 =  *_t456;
                                                                                                                                                                                                    				_t457 = _t456 + 1;
                                                                                                                                                                                                    				if (_t207 != 0xa) goto 0xb0ab1325;
                                                                                                                                                                                                    				 *_t445 = _t111;
                                                                                                                                                                                                    				r14d = r14d + 1;
                                                                                                                                                                                                    				_t446 = _t445 + 1;
                                                                                                                                                                                                    				 *_t446 = _t207;
                                                                                                                                                                                                    				if (_t408 + 2 - 0x13ff < 0) goto 0xb0ab1306;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
                                                                                                                                                                                                    				r8d = _t283;
                                                                                                                                                                                                    				r8d = r8d - _t207;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = r14d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab13ae;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t462 + 0x48)) - _t446 + 1 - _t462 + 0x720 < 0) goto 0xb0ab125b;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0xb0ab12f7;
                                                                                                                                                                                                    				goto 0xb0ab125b;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0xb0ab125b;
                                                                                                                                                                                                    				if (sil != 2) goto 0xb0ab1499;
                                                                                                                                                                                                    				if (r13d == 0) goto 0xb0ab15f0;
                                                                                                                                                                                                    				r14d =  *(_t462 + 0x40);
                                                                                                                                                                                                    				_t449 = _t462 + 0x720;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0xb0ab141d;
                                                                                                                                                                                                    				_t214 =  *_t457 & 0x0000ffff;
                                                                                                                                                                                                    				if (_t214 != 0xa) goto 0xb0ab1409;
                                                                                                                                                                                                    				 *_t449 = 0xd;
                                                                                                                                                                                                    				r14d = r14d + 2;
                                                                                                                                                                                                    				_t450 = _t449 + 2;
                                                                                                                                                                                                    				 *_t450 = _t214;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t491 +  *((intOrPtr*)(0xb0ae89e0 +  *(_t462 + 0x50) * 8)))) + 4 - 0x13fe < 0) goto 0xb0ab13e2;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t392;
                                                                                                                                                                                                    				r8d = _t283;
                                                                                                                                                                                                    				r8d = r8d - _t214;
                                                                                                                                                                                                    				 *(_t462 + 0x40) = r14d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab13ae;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t462 + 0x48)) -  &(_t450[0]) - _t462 + 0x720 < 0) goto 0xb0ab125b;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0xb0ab13d3;
                                                                                                                                                                                                    				goto 0xb0ab125b;
                                                                                                                                                                                                    				if (r13d == 0) goto 0xb0ab15f0;
                                                                                                                                                                                                    				r8d = 0xd;
                                                                                                                                                                                                    				_t417 = _t462 + 0x70;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d >= 0) goto 0xb0ab14e7;
                                                                                                                                                                                                    				_t220 = _t457[1] & 0x0000ffff;
                                                                                                                                                                                                    				if (_t220 != 0xa) goto 0xb0ab14d3;
                                                                                                                                                                                                    				 *_t417 = r8w;
                                                                                                                                                                                                    				 *(_t417 + 2) = _t220;
                                                                                                                                                                                                    				if (_t462 + 0x724 - 0x6a8 < 0) goto 0xb0ab14af;
                                                                                                                                                                                                    				 *(_t462 + 0x38) =  *(_t462 + 0x38) & 0x00000000;
                                                                                                                                                                                                    				 *(_t462 + 0x30) =  *(_t462 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t462 + 0x28)) = 0xd55;
                                                                                                                                                                                                    				asm("cdq");
                                                                                                                                                                                                    				r9d = 0 - _t220 >> 1;
                                                                                                                                                                                                    				 *(_t462 + 0x20) = _t462 + 0x720;
                                                                                                                                                                                                    				_t224 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _t224;
                                                                                                                                                                                                    				if (_t224 == 0) goto 0xb0ab12b6;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r8d = r14d;
                                                                                                                                                                                                    				r8d = r8d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab157d;
                                                                                                                                                                                                    				_t285 = 0 +  *((intOrPtr*)(_t462 + 0x48));
                                                                                                                                                                                                    				if (r14d - _t285 > 0) goto 0xb0ab1538;
                                                                                                                                                                                                    				goto 0xb0ab1585;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				if (r14d - _t285 > 0) goto 0xb0ab1256;
                                                                                                                                                                                                    				r8d = 0xd;
                                                                                                                                                                                                    				if (_t290 - r12d - r13d < 0) goto 0xb0ab14a8;
                                                                                                                                                                                                    				goto 0xb0ab1256;
                                                                                                                                                                                                    				 *(_t462 + 0x20) =  *(_t462 + 0x20) & _t442;
                                                                                                                                                                                                    				r8d = r13d;
                                                                                                                                                                                                    				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xb0ab15d0;
                                                                                                                                                                                                    				goto 0xb0ab125f;
                                                                                                                                                                                                    				_t228 = GetLastError();
                                                                                                                                                                                                    				goto 0xb0ab125f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78EC(_t228,  *(_t462 + 0x50));
                                                                                                                                                                                                    				goto 0xb0ab0f67;
                                                                                                                                                                                                    				_t386 =  *((intOrPtr*)(0xb0ae89e0 +  *(_t462 + 0x50) * 8));
                                                                                                                                                                                                    				if (( *(_t491 + 0x7ff6b0ae89e8) & 0x00000040) == 0) goto 0xb0ab1607;
                                                                                                                                                                                                    				if ( *_t477 == 0x1a) goto 0xb0ab0f35;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t386);
                                                                                                                                                                                                    				 *0xb0ae89e0 = 0x1c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t386);
                                                                                                                                                                                                    				 *_t386 =  *_t386 & 0x00000000;
                                                                                                                                                                                                    				goto 0xb0ab0f67;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_t228,  *(_t462 + 0x1b20) ^ _t462, _t477, _t462 + 0x70, _t462 + 0x48);
                                                                                                                                                                                                    			}

























































                                                                                                                                                                                                    0x7ff6b0ab12b4
                                                                                                                                                                                                    0x7ff6b0ab12b6
                                                                                                                                                                                                    0x7ff6b0ab12be
                                                                                                                                                                                                    0x7ff6b0ab12c4
                                                                                                                                                                                                    0x7ff6b0ab12cd
                                                                                                                                                                                                    0x7ff6b0ab12d7
                                                                                                                                                                                                    0x7ff6b0ab12df
                                                                                                                                                                                                    0x7ff6b0ab12e5
                                                                                                                                                                                                    0x7ff6b0ab12ee
                                                                                                                                                                                                    0x7ff6b0ab12f4
                                                                                                                                                                                                    0x7ff6b0ab12f7
                                                                                                                                                                                                    0x7ff6b0ab12fc
                                                                                                                                                                                                    0x7ff6b0ab130e
                                                                                                                                                                                                    0x7ff6b0ab1310
                                                                                                                                                                                                    0x7ff6b0ab1313
                                                                                                                                                                                                    0x7ff6b0ab1318
                                                                                                                                                                                                    0x7ff6b0ab131a
                                                                                                                                                                                                    0x7ff6b0ab131c
                                                                                                                                                                                                    0x7ff6b0ab131f
                                                                                                                                                                                                    0x7ff6b0ab1328
                                                                                                                                                                                                    0x7ff6b0ab1334
                                                                                                                                                                                                    0x7ff6b0ab1336
                                                                                                                                                                                                    0x7ff6b0ab1343
                                                                                                                                                                                                    0x7ff6b0ab1346
                                                                                                                                                                                                    0x7ff6b0ab1350
                                                                                                                                                                                                    0x7ff6b0ab1377
                                                                                                                                                                                                    0x7ff6b0ab1390
                                                                                                                                                                                                    0x7ff6b0ab13a3
                                                                                                                                                                                                    0x7ff6b0ab13a9
                                                                                                                                                                                                    0x7ff6b0ab13ae
                                                                                                                                                                                                    0x7ff6b0ab13b6
                                                                                                                                                                                                    0x7ff6b0ab13bf
                                                                                                                                                                                                    0x7ff6b0ab13c8
                                                                                                                                                                                                    0x7ff6b0ab13d3
                                                                                                                                                                                                    0x7ff6b0ab13d8
                                                                                                                                                                                                    0x7ff6b0ab13ea
                                                                                                                                                                                                    0x7ff6b0ab13ec
                                                                                                                                                                                                    0x7ff6b0ab13f8
                                                                                                                                                                                                    0x7ff6b0ab13fa
                                                                                                                                                                                                    0x7ff6b0ab13fd
                                                                                                                                                                                                    0x7ff6b0ab1401
                                                                                                                                                                                                    0x7ff6b0ab140d
                                                                                                                                                                                                    0x7ff6b0ab141b
                                                                                                                                                                                                    0x7ff6b0ab141d
                                                                                                                                                                                                    0x7ff6b0ab142a
                                                                                                                                                                                                    0x7ff6b0ab142d
                                                                                                                                                                                                    0x7ff6b0ab1437
                                                                                                                                                                                                    0x7ff6b0ab145e
                                                                                                                                                                                                    0x7ff6b0ab147b
                                                                                                                                                                                                    0x7ff6b0ab148e
                                                                                                                                                                                                    0x7ff6b0ab1494
                                                                                                                                                                                                    0x7ff6b0ab149c
                                                                                                                                                                                                    0x7ff6b0ab14a2
                                                                                                                                                                                                    0x7ff6b0ab14a8
                                                                                                                                                                                                    0x7ff6b0ab14b7
                                                                                                                                                                                                    0x7ff6b0ab14b9
                                                                                                                                                                                                    0x7ff6b0ab14c5
                                                                                                                                                                                                    0x7ff6b0ab14c7
                                                                                                                                                                                                    0x7ff6b0ab14d7
                                                                                                                                                                                                    0x7ff6b0ab14e5
                                                                                                                                                                                                    0x7ff6b0ab14e7
                                                                                                                                                                                                    0x7ff6b0ab14ed
                                                                                                                                                                                                    0x7ff6b0ab14ff
                                                                                                                                                                                                    0x7ff6b0ab150e
                                                                                                                                                                                                    0x7ff6b0ab1515
                                                                                                                                                                                                    0x7ff6b0ab1520
                                                                                                                                                                                                    0x7ff6b0ab1525
                                                                                                                                                                                                    0x7ff6b0ab152b
                                                                                                                                                                                                    0x7ff6b0ab1530
                                                                                                                                                                                                    0x7ff6b0ab153d
                                                                                                                                                                                                    0x7ff6b0ab154e
                                                                                                                                                                                                    0x7ff6b0ab1561
                                                                                                                                                                                                    0x7ff6b0ab1570
                                                                                                                                                                                                    0x7ff6b0ab1572
                                                                                                                                                                                                    0x7ff6b0ab1579
                                                                                                                                                                                                    0x7ff6b0ab157b
                                                                                                                                                                                                    0x7ff6b0ab157d
                                                                                                                                                                                                    0x7ff6b0ab1588
                                                                                                                                                                                                    0x7ff6b0ab1590
                                                                                                                                                                                                    0x7ff6b0ab159c
                                                                                                                                                                                                    0x7ff6b0ab15a2
                                                                                                                                                                                                    0x7ff6b0ab15ab
                                                                                                                                                                                                    0x7ff6b0ab15b5
                                                                                                                                                                                                    0x7ff6b0ab15c3
                                                                                                                                                                                                    0x7ff6b0ab15cb
                                                                                                                                                                                                    0x7ff6b0ab15d0
                                                                                                                                                                                                    0x7ff6b0ab15d8
                                                                                                                                                                                                    0x7ff6b0ab15df
                                                                                                                                                                                                    0x7ff6b0ab15e4
                                                                                                                                                                                                    0x7ff6b0ab15f0
                                                                                                                                                                                                    0x7ff6b0ab15fa
                                                                                                                                                                                                    0x7ff6b0ab1601
                                                                                                                                                                                                    0x7ff6b0ab1607
                                                                                                                                                                                                    0x7ff6b0ab160c
                                                                                                                                                                                                    0x7ff6b0ab1612
                                                                                                                                                                                                    0x7ff6b0ab1617
                                                                                                                                                                                                    0x7ff6b0ab161a
                                                                                                                                                                                                    0x7ff6b0ab164d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                    • API String ID: 921712934-4171548499
                                                                                                                                                                                                    • Opcode ID: b58e01479b693e4d3fc4ee5255ae4a2aff408e3cce59a02e304553b3b8b91440
                                                                                                                                                                                                    • Instruction ID: 3ef372a414a7db5e0795f2777aa54dd465682812bc7a2f3a4c2ba9ce3e1b25ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b58e01479b693e4d3fc4ee5255ae4a2aff408e3cce59a02e304553b3b8b91440
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C12C323A1864AA6EB208F2DD4443BA6FA0FB84784F944535DB4EC77A6DF3DE445CB10
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$free$ByteCharMultiWidemalloc$ErrorLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1837315383-0
                                                                                                                                                                                                    • Opcode ID: deef6aef4076a8aecc8c09d005643f978d232f5a9d69fe706d5c65247fb8c331
                                                                                                                                                                                                    • Instruction ID: d32ca9379be358001c84198de1041a46cafa44194a2b984d4911f5d29b2feaec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: deef6aef4076a8aecc8c09d005643f978d232f5a9d69fe706d5c65247fb8c331
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86F1C433A08681AAE7208F28D4405BD7BD1FB58798F644A35EB5E97BD6DF3CE9418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF67FF6B0A99DE0(long long __rax, long long __rcx, long long __rdx, void* __r8, signed long long __r9, long long _a8, long long _a16, signed int _a24, signed int _a32) {
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				signed int* _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				signed int* _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				signed int* _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				signed long long _v200;
                                                                                                                                                                                                    				signed int _v208;
                                                                                                                                                                                                    				long long _v216;
                                                                                                                                                                                                    				signed int* _v224;
                                                                                                                                                                                                    				long long _v232;
                                                                                                                                                                                                    				char _v256;
                                                                                                                                                                                                    				signed int _v264;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t200;
                                                                                                                                                                                                    				signed int _t211;
                                                                                                                                                                                                    				long long _t297;
                                                                                                                                                                                                    				long long _t298;
                                                                                                                                                                                                    				long long _t300;
                                                                                                                                                                                                    				long long _t301;
                                                                                                                                                                                                    				long long _t304;
                                                                                                                                                                                                    				long long _t306;
                                                                                                                                                                                                    				long long _t307;
                                                                                                                                                                                                    				long long _t310;
                                                                                                                                                                                                    				long long _t312;
                                                                                                                                                                                                    				long long _t313;
                                                                                                                                                                                                    				signed int* _t324;
                                                                                                                                                                                                    				signed int* _t325;
                                                                                                                                                                                                    				signed int* _t326;
                                                                                                                                                                                                    				signed int* _t331;
                                                                                                                                                                                                    				signed int* _t332;
                                                                                                                                                                                                    				signed int* _t333;
                                                                                                                                                                                                    				signed int* _t338;
                                                                                                                                                                                                    				signed int* _t339;
                                                                                                                                                                                                    				signed int* _t340;
                                                                                                                                                                                                    				void* _t351;
                                                                                                                                                                                                    				void* _t355;
                                                                                                                                                                                                    				void* _t359;
                                                                                                                                                                                                    				void* _t363;
                                                                                                                                                                                                    				void* _t365;
                                                                                                                                                                                                    				long long _t366;
                                                                                                                                                                                                    				intOrPtr* _t367;
                                                                                                                                                                                                    				long long _t368;
                                                                                                                                                                                                    				intOrPtr* _t369;
                                                                                                                                                                                                    				long long _t370;
                                                                                                                                                                                                    				intOrPtr* _t371;
                                                                                                                                                                                                    				void* _t372;
                                                                                                                                                                                                    				signed int* _t373;
                                                                                                                                                                                                    				void* _t374;
                                                                                                                                                                                                    				signed int* _t375;
                                                                                                                                                                                                    				void* _t376;
                                                                                                                                                                                                    				long long _t377;
                                                                                                                                                                                                    				void* _t383;
                                                                                                                                                                                                    				signed long long _t384;
                                                                                                                                                                                                    				signed int* _t393;
                                                                                                                                                                                                    				void* _t396;
                                                                                                                                                                                                    				void* _t398;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t384 = __r9;
                                                                                                                                                                                                    				_t383 = __r8;
                                                                                                                                                                                                    				_t282 = __rax;
                                                                                                                                                                                                    				_a24 = r8d;
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				_t211 = r8d;
                                                                                                                                                                                                    				_t377 = __rdx;
                                                                                                                                                                                                    				_t297 = __rcx;
                                                                                                                                                                                                    				_a32 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(__rax, __rcx);
                                                                                                                                                                                                    				if (__rax == 0) goto 0xb0a99e3b;
                                                                                                                                                                                                    				 *((long long*)(__rax)) =  &_v256;
                                                                                                                                                                                                    				goto 0xb0a99e3d;
                                                                                                                                                                                                    				_v256 = __rax;
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				if (_t211 != 0) goto 0xb0a99eab;
                                                                                                                                                                                                    				E00007FF67FF6B0A9A460(__rax, _t297, _t297,  &_v256, _t365, _t372, __r8);
                                                                                                                                                                                                    				if (_v232 == 0) goto 0xb0a99e7e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t282, _t297, _v232,  &_v256, _t372, _t383, _t384);
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t282, _t297, _v256,  &_v256, _t372, _t383, _t384);
                                                                                                                                                                                                    				goto 0xb0a9a440;
                                                                                                                                                                                                    				_t351 = _t365;
                                                                                                                                                                                                    				E00007FF67FF6B0A9A530(_t200, _t297, _t297,  &_v256, _t351, _t372, _t383, _t384);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v208 = r8d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				_v200 = _t384;
                                                                                                                                                                                                    				if (_t211 == 0) goto 0xb0a9a3fb;
                                                                                                                                                                                                    				_t324 = _v224;
                                                                                                                                                                                                    				_t298 = _v232;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				sil = 0x41;
                                                                                                                                                                                                    				r14d = sil & 0xffffffff;
                                                                                                                                                                                                    				r13d = sil & 0xffffffff;
                                                                                                                                                                                                    				_a32 = sil;
                                                                                                                                                                                                    				_t25 = _t383 + 1; // 0x1
                                                                                                                                                                                                    				if (_t25 - _t211 >= 0) goto 0xb0a99f07;
                                                                                                                                                                                                    				_t29 = _t383 + 2; // 0x2
                                                                                                                                                                                                    				if (_t29 - _t211 >= 0) goto 0xb0a99f14;
                                                                                                                                                                                                    				r14b =  *((intOrPtr*)(_t377 + 4 + _t384 * 2));
                                                                                                                                                                                                    				_t33 = _t383 + 3; // 0x3
                                                                                                                                                                                                    				if (_t33 - _t211 >= 0) goto 0xb0a99f29;
                                                                                                                                                                                                    				r13b =  *((intOrPtr*)(_t377 + 6 + _t384 * 2));
                                                                                                                                                                                                    				_a32 = r13b;
                                                                                                                                                                                                    				_t38 = _t351 - 0x41; // 0x0
                                                                                                                                                                                                    				if (_t38 - 0x19 > 0) goto 0xb0a99f35;
                                                                                                                                                                                                    				goto 0xb0a99f56;
                                                                                                                                                                                                    				_t39 = _t351 - 0x61; // -32
                                                                                                                                                                                                    				if (_t39 - 0x19 > 0) goto 0xb0a99f41;
                                                                                                                                                                                                    				goto 0xb0a99f56;
                                                                                                                                                                                                    				_t40 = _t351 - 0x30; // 0x11
                                                                                                                                                                                                    				if (_t40 - 9 > 0) goto 0xb0a99f4d;
                                                                                                                                                                                                    				goto 0xb0a99f56;
                                                                                                                                                                                                    				_t43 = _t372 - 0x41; // 0x24b4fdf
                                                                                                                                                                                                    				if (_t43 - 0x19 > 0) goto 0xb0a99f63;
                                                                                                                                                                                                    				sil = sil - 0x41;
                                                                                                                                                                                                    				goto 0xb0a99f89;
                                                                                                                                                                                                    				_t44 = _t372 - 0x61; // 0x24b4fbf
                                                                                                                                                                                                    				if (_t44 - 0x19 > 0) goto 0xb0a99f70;
                                                                                                                                                                                                    				sil = sil - 0x47;
                                                                                                                                                                                                    				goto 0xb0a99f89;
                                                                                                                                                                                                    				_t45 = _t372 - 0x30; // 0x24b4ff0
                                                                                                                                                                                                    				if (_t45 - 9 > 0) goto 0xb0a99f7d;
                                                                                                                                                                                                    				sil = sil + 4;
                                                                                                                                                                                                    				goto 0xb0a99f89;
                                                                                                                                                                                                    				sil = sil != 0x2b;
                                                                                                                                                                                                    				sil = sil + 0x3e;
                                                                                                                                                                                                    				if (_t398 - 0x41 - 0x19 > 0) goto 0xb0a99f97;
                                                                                                                                                                                                    				goto 0xb0a99fbf;
                                                                                                                                                                                                    				if (_t398 - 0x61 - 0x19 > 0) goto 0xb0a99fa5;
                                                                                                                                                                                                    				goto 0xb0a99fbf;
                                                                                                                                                                                                    				if (_t398 - 0x30 - 9 > 0) goto 0xb0a99fb3;
                                                                                                                                                                                                    				goto 0xb0a99fbf;
                                                                                                                                                                                                    				bpl = r14b != 0x2b;
                                                                                                                                                                                                    				bpl = bpl + 0x3e;
                                                                                                                                                                                                    				_t52 = _t396 - 0x41; // -65
                                                                                                                                                                                                    				if (_t52 - 0x19 > 0) goto 0xb0a99fcd;
                                                                                                                                                                                                    				_t53 = _t396 - 0x41; // -65
                                                                                                                                                                                                    				r15d = _t53;
                                                                                                                                                                                                    				goto 0xb0a99ff5;
                                                                                                                                                                                                    				_t54 = _t396 - 0x61; // -97
                                                                                                                                                                                                    				if (_t54 - 0x19 > 0) goto 0xb0a99fdb;
                                                                                                                                                                                                    				_t55 = _t396 - 0x47; // -71
                                                                                                                                                                                                    				r15d = _t55;
                                                                                                                                                                                                    				goto 0xb0a99ff5;
                                                                                                                                                                                                    				_t56 = _t396 - 0x30; // -48
                                                                                                                                                                                                    				if (_t56 - 9 > 0) goto 0xb0a99fe9;
                                                                                                                                                                                                    				_t57 = _t396 + 4; // 0x4
                                                                                                                                                                                                    				r15d = _t57;
                                                                                                                                                                                                    				goto 0xb0a99ff5;
                                                                                                                                                                                                    				r15b = r13b != 0x2b;
                                                                                                                                                                                                    				r15b = r15b + 0x3e;
                                                                                                                                                                                                    				r8d = sil & 0xffffffff;
                                                                                                                                                                                                    				r8b = r8b >> 4;
                                                                                                                                                                                                    				r8b = r8b | (( *(_t377 + _t384 * 2) & 0x000000ff) - 0xfffffffffffffffa + 0x00000004 & 0xffffff00 | ( *(_t377 + _t384 * 2) & 0x000000ff) - 0xfffffffffffffffa + 0x00000004 != 0x0000002b) + 0x0000003e << 0x00000002;
                                                                                                                                                                                                    				_v264 = r8b;
                                                                                                                                                                                                    				if (_t298 != 0) goto 0xb0a9a011;
                                                                                                                                                                                                    				goto 0xb0a9a019;
                                                                                                                                                                                                    				if (_t324 - _t298 - _v216 - _t298 >= 0) goto 0xb0a9a039;
                                                                                                                                                                                                    				 *_t324 = r8b;
                                                                                                                                                                                                    				_t325 =  &(_t324[0]);
                                                                                                                                                                                                    				_v224 = _t325;
                                                                                                                                                                                                    				goto 0xb0a9a140;
                                                                                                                                                                                                    				_t393 = _t325;
                                                                                                                                                                                                    				if (_v232 - _t325 <= 0) goto 0xb0a9a050;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t326 = _v224;
                                                                                                                                                                                                    				_t300 = _v232;
                                                                                                                                                                                                    				_t366 = _v256;
                                                                                                                                                                                                    				_v168 = _t366;
                                                                                                                                                                                                    				_v160 = _t393;
                                                                                                                                                                                                    				if (_t326 != _t300) goto 0xb0a9a06f;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				goto 0xb0a9a08d;
                                                                                                                                                                                                    				if (_t300 - _t326 <= 0) goto 0xb0a9a079;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t366 == 0) goto 0xb0a9a085;
                                                                                                                                                                                                    				if (_t366 == _v256) goto 0xb0a9a08a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xa0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A953A0(_t300,  &_v256,  &_v136, _t372, _t383,  &_v264);
                                                                                                                                                                                                    				_t301 = _v232;
                                                                                                                                                                                                    				if (_t301 - _v224 <= 0) goto 0xb0a9a0dc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t367 = _v256;
                                                                                                                                                                                                    				if (_t367 != 0) goto 0xb0a9a0fa;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9a102;
                                                                                                                                                                                                    				_t355 = _t301 + _t393 - _t300;
                                                                                                                                                                                                    				if (_t355 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0xb0a9a11f;
                                                                                                                                                                                                    				if (_t367 == 0) goto 0xb0a9a117;
                                                                                                                                                                                                    				goto 0xb0a9a119;
                                                                                                                                                                                                    				if (_t355 -  *((intOrPtr*)( *_t367 + 0x18)) >= 0) goto 0xb0a9a138;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t331 = _v224;
                                                                                                                                                                                                    				_t304 = _v232;
                                                                                                                                                                                                    				r13b = _a32;
                                                                                                                                                                                                    				goto 0xb0a9a140;
                                                                                                                                                                                                    				r13b = _a32;
                                                                                                                                                                                                    				if (r14b == 0x3d) goto 0xb0a9a27f;
                                                                                                                                                                                                    				r8d = bpl & 0xffffffff;
                                                                                                                                                                                                    				r8b = r8b >> 2;
                                                                                                                                                                                                    				sil = sil << 4;
                                                                                                                                                                                                    				r8b = r8b | sil;
                                                                                                                                                                                                    				_a32 = r8b;
                                                                                                                                                                                                    				if (_t304 != 0) goto 0xb0a9a16a;
                                                                                                                                                                                                    				goto 0xb0a9a172;
                                                                                                                                                                                                    				if (_t331 - _t304 - _v216 - _t304 >= 0) goto 0xb0a9a192;
                                                                                                                                                                                                    				 *_t331 = r8b;
                                                                                                                                                                                                    				_t332 =  &(_t331[0]);
                                                                                                                                                                                                    				_v224 = _t332;
                                                                                                                                                                                                    				goto 0xb0a9a27f;
                                                                                                                                                                                                    				_t373 = _t332;
                                                                                                                                                                                                    				if (_v232 - _t332 <= 0) goto 0xb0a9a1a9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t333 = _v224;
                                                                                                                                                                                                    				_t306 = _v232;
                                                                                                                                                                                                    				_t368 = _v256;
                                                                                                                                                                                                    				_v184 = _t368;
                                                                                                                                                                                                    				_v176 = _t373;
                                                                                                                                                                                                    				if (_t333 != _t306) goto 0xb0a9a1c1;
                                                                                                                                                                                                    				goto 0xb0a9a1df;
                                                                                                                                                                                                    				if (_t306 - _t333 <= 0) goto 0xb0a9a1cb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t368 == 0) goto 0xb0a9a1d7;
                                                                                                                                                                                                    				if (_t368 == _v256) goto 0xb0a9a1dc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t374 = _t373 - _t306;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x70]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xc0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A953A0(_t306,  &_v256,  &_v104, _t374, _t383,  &_a32);
                                                                                                                                                                                                    				_t307 = _v232;
                                                                                                                                                                                                    				if (_t307 - _v224 <= 0) goto 0xb0a9a22e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t369 = _v256;
                                                                                                                                                                                                    				if (_t369 != 0) goto 0xb0a9a24c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9a254;
                                                                                                                                                                                                    				_t359 = _t307 + _t374;
                                                                                                                                                                                                    				if (_t359 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0xb0a9a270;
                                                                                                                                                                                                    				if (_t369 == 0) goto 0xb0a9a268;
                                                                                                                                                                                                    				goto 0xb0a9a26a;
                                                                                                                                                                                                    				if (_t359 -  *((intOrPtr*)( *_t369 + 0x18)) >= 0) goto 0xb0a9a27f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t338 = _v224;
                                                                                                                                                                                                    				_t310 = _v232;
                                                                                                                                                                                                    				if (r13b == 0x3d) goto 0xb0a9a3bf;
                                                                                                                                                                                                    				bpl = bpl << 6;
                                                                                                                                                                                                    				bpl = bpl | r15b;
                                                                                                                                                                                                    				_a32 = bpl;
                                                                                                                                                                                                    				if (_t310 != 0) goto 0xb0a9a2a1;
                                                                                                                                                                                                    				goto 0xb0a9a2a9;
                                                                                                                                                                                                    				if (_t338 - _t310 - _v216 - _t310 >= 0) goto 0xb0a9a2c9;
                                                                                                                                                                                                    				 *_t338 = bpl;
                                                                                                                                                                                                    				_t339 =  &(_t338[0]);
                                                                                                                                                                                                    				_v224 = _t339;
                                                                                                                                                                                                    				goto 0xb0a9a3bf;
                                                                                                                                                                                                    				_t375 = _t339;
                                                                                                                                                                                                    				if (_v232 - _t339 <= 0) goto 0xb0a9a2e0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t340 = _v224;
                                                                                                                                                                                                    				_t312 = _v232;
                                                                                                                                                                                                    				_t370 = _v256;
                                                                                                                                                                                                    				_v152 = _t370;
                                                                                                                                                                                                    				_v144 = _t375;
                                                                                                                                                                                                    				if (_t340 != _t312) goto 0xb0a9a2fe;
                                                                                                                                                                                                    				goto 0xb0a9a31c;
                                                                                                                                                                                                    				if (_t312 - _t340 <= 0) goto 0xb0a9a308;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t370 == 0) goto 0xb0a9a314;
                                                                                                                                                                                                    				if (_t370 == _v256) goto 0xb0a9a319;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t376 = _t375 - _t312;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0xb0], xmm0");
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A953A0(_t312,  &_v256,  &_v120, _t376, _t383,  &_a32);
                                                                                                                                                                                                    				_t313 = _v232;
                                                                                                                                                                                                    				if (_t313 - _v224 <= 0) goto 0xb0a9a36e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t371 = _v256;
                                                                                                                                                                                                    				if (_t371 != 0) goto 0xb0a9a38c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9a394;
                                                                                                                                                                                                    				_t363 = _t376 + _t313;
                                                                                                                                                                                                    				if (_t363 -  *((intOrPtr*)( *_v256 + 0x20)) > 0) goto 0xb0a9a3b0;
                                                                                                                                                                                                    				if (_t371 == 0) goto 0xb0a9a3a8;
                                                                                                                                                                                                    				goto 0xb0a9a3aa;
                                                                                                                                                                                                    				if (_t363 -  *((intOrPtr*)( *_t371 + 0x18)) >= 0) goto 0xb0a9a3bf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r8d = _v208;
                                                                                                                                                                                                    				r8d = r8d + 4;
                                                                                                                                                                                                    				_v208 = r8d;
                                                                                                                                                                                                    				_v200 = _v200 + 4;
                                                                                                                                                                                                    				if (r8d - _a24 < 0) goto 0xb0a99ee0;
                                                                                                                                                                                                    				E00007FF67FF6B0A9A460( *_t371, _a8, _a8,  &_v256, _t371, _t376, _t383);
                                                                                                                                                                                                    				if (_v232 == 0) goto 0xb0a9a418;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t371, _a8, _v232,  &_v256, _t376, _t383, _v200 + 4);
                                                                                                                                                                                                    				_v232 = 0;
                                                                                                                                                                                                    				_v224 = 0;
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA44D8( *_t371, _a8, _v256,  &_v256, _t376, _t383, _v200 + 4);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff6b0a9a05d
                                                                                                                                                                                                    0x7ff6b0a9a068
                                                                                                                                                                                                    0x7ff6b0a9a06a
                                                                                                                                                                                                    0x7ff6b0a9a06d
                                                                                                                                                                                                    0x7ff6b0a9a072
                                                                                                                                                                                                    0x7ff6b0a9a074
                                                                                                                                                                                                    0x7ff6b0a9a07c
                                                                                                                                                                                                    0x7ff6b0a9a083
                                                                                                                                                                                                    0x7ff6b0a9a085
                                                                                                                                                                                                    0x7ff6b0a9a08d
                                                                                                                                                                                                    0x7ff6b0a9a095
                                                                                                                                                                                                    0x7ff6b0a9a0a3
                                                                                                                                                                                                    0x7ff6b0a9a0b6
                                                                                                                                                                                                    0x7ff6b0a9a0bb
                                                                                                                                                                                                    0x7ff6b0a9a0cb
                                                                                                                                                                                                    0x7ff6b0a9a0cd
                                                                                                                                                                                                    0x7ff6b0a9a0dc
                                                                                                                                                                                                    0x7ff6b0a9a0e4
                                                                                                                                                                                                    0x7ff6b0a9a0e6
                                                                                                                                                                                                    0x7ff6b0a9a0eb
                                                                                                                                                                                                    0x7ff6b0a9a0f8
                                                                                                                                                                                                    0x7ff6b0a9a102
                                                                                                                                                                                                    0x7ff6b0a9a10b
                                                                                                                                                                                                    0x7ff6b0a9a110
                                                                                                                                                                                                    0x7ff6b0a9a115
                                                                                                                                                                                                    0x7ff6b0a9a11d
                                                                                                                                                                                                    0x7ff6b0a9a11f
                                                                                                                                                                                                    0x7ff6b0a9a124
                                                                                                                                                                                                    0x7ff6b0a9a129
                                                                                                                                                                                                    0x7ff6b0a9a12e
                                                                                                                                                                                                    0x7ff6b0a9a136
                                                                                                                                                                                                    0x7ff6b0a9a138
                                                                                                                                                                                                    0x7ff6b0a9a144
                                                                                                                                                                                                    0x7ff6b0a9a14a
                                                                                                                                                                                                    0x7ff6b0a9a14e
                                                                                                                                                                                                    0x7ff6b0a9a152
                                                                                                                                                                                                    0x7ff6b0a9a156
                                                                                                                                                                                                    0x7ff6b0a9a159
                                                                                                                                                                                                    0x7ff6b0a9a164
                                                                                                                                                                                                    0x7ff6b0a9a168
                                                                                                                                                                                                    0x7ff6b0a9a17b
                                                                                                                                                                                                    0x7ff6b0a9a17d
                                                                                                                                                                                                    0x7ff6b0a9a180
                                                                                                                                                                                                    0x7ff6b0a9a183
                                                                                                                                                                                                    0x7ff6b0a9a18d
                                                                                                                                                                                                    0x7ff6b0a9a192
                                                                                                                                                                                                    0x7ff6b0a9a198
                                                                                                                                                                                                    0x7ff6b0a9a19a
                                                                                                                                                                                                    0x7ff6b0a9a19f
                                                                                                                                                                                                    0x7ff6b0a9a1a4
                                                                                                                                                                                                    0x7ff6b0a9a1a9
                                                                                                                                                                                                    0x7ff6b0a9a1ae
                                                                                                                                                                                                    0x7ff6b0a9a1b3
                                                                                                                                                                                                    0x7ff6b0a9a1bb
                                                                                                                                                                                                    0x7ff6b0a9a1bf
                                                                                                                                                                                                    0x7ff6b0a9a1c4
                                                                                                                                                                                                    0x7ff6b0a9a1c6
                                                                                                                                                                                                    0x7ff6b0a9a1ce
                                                                                                                                                                                                    0x7ff6b0a9a1d5
                                                                                                                                                                                                    0x7ff6b0a9a1d7
                                                                                                                                                                                                    0x7ff6b0a9a1dc
                                                                                                                                                                                                    0x7ff6b0a9a1df
                                                                                                                                                                                                    0x7ff6b0a9a1e4
                                                                                                                                                                                                    0x7ff6b0a9a1f5
                                                                                                                                                                                                    0x7ff6b0a9a208
                                                                                                                                                                                                    0x7ff6b0a9a20d
                                                                                                                                                                                                    0x7ff6b0a9a21d
                                                                                                                                                                                                    0x7ff6b0a9a21f
                                                                                                                                                                                                    0x7ff6b0a9a22e
                                                                                                                                                                                                    0x7ff6b0a9a236
                                                                                                                                                                                                    0x7ff6b0a9a238
                                                                                                                                                                                                    0x7ff6b0a9a23d
                                                                                                                                                                                                    0x7ff6b0a9a24a
                                                                                                                                                                                                    0x7ff6b0a9a254
                                                                                                                                                                                                    0x7ff6b0a9a25c
                                                                                                                                                                                                    0x7ff6b0a9a261
                                                                                                                                                                                                    0x7ff6b0a9a266
                                                                                                                                                                                                    0x7ff6b0a9a26e
                                                                                                                                                                                                    0x7ff6b0a9a270
                                                                                                                                                                                                    0x7ff6b0a9a275
                                                                                                                                                                                                    0x7ff6b0a9a27a
                                                                                                                                                                                                    0x7ff6b0a9a283
                                                                                                                                                                                                    0x7ff6b0a9a289
                                                                                                                                                                                                    0x7ff6b0a9a28d
                                                                                                                                                                                                    0x7ff6b0a9a290
                                                                                                                                                                                                    0x7ff6b0a9a29b
                                                                                                                                                                                                    0x7ff6b0a9a29f
                                                                                                                                                                                                    0x7ff6b0a9a2b2
                                                                                                                                                                                                    0x7ff6b0a9a2b4
                                                                                                                                                                                                    0x7ff6b0a9a2b7
                                                                                                                                                                                                    0x7ff6b0a9a2ba
                                                                                                                                                                                                    0x7ff6b0a9a2c4
                                                                                                                                                                                                    0x7ff6b0a9a2c9
                                                                                                                                                                                                    0x7ff6b0a9a2cf
                                                                                                                                                                                                    0x7ff6b0a9a2d1
                                                                                                                                                                                                    0x7ff6b0a9a2d6
                                                                                                                                                                                                    0x7ff6b0a9a2db
                                                                                                                                                                                                    0x7ff6b0a9a2e0
                                                                                                                                                                                                    0x7ff6b0a9a2e5
                                                                                                                                                                                                    0x7ff6b0a9a2ed
                                                                                                                                                                                                    0x7ff6b0a9a2f8
                                                                                                                                                                                                    0x7ff6b0a9a2fc
                                                                                                                                                                                                    0x7ff6b0a9a301
                                                                                                                                                                                                    0x7ff6b0a9a303
                                                                                                                                                                                                    0x7ff6b0a9a30b
                                                                                                                                                                                                    0x7ff6b0a9a312
                                                                                                                                                                                                    0x7ff6b0a9a314
                                                                                                                                                                                                    0x7ff6b0a9a319
                                                                                                                                                                                                    0x7ff6b0a9a31c
                                                                                                                                                                                                    0x7ff6b0a9a324
                                                                                                                                                                                                    0x7ff6b0a9a335
                                                                                                                                                                                                    0x7ff6b0a9a348
                                                                                                                                                                                                    0x7ff6b0a9a34d
                                                                                                                                                                                                    0x7ff6b0a9a35d
                                                                                                                                                                                                    0x7ff6b0a9a35f
                                                                                                                                                                                                    0x7ff6b0a9a36e
                                                                                                                                                                                                    0x7ff6b0a9a376
                                                                                                                                                                                                    0x7ff6b0a9a378
                                                                                                                                                                                                    0x7ff6b0a9a37d
                                                                                                                                                                                                    0x7ff6b0a9a38a
                                                                                                                                                                                                    0x7ff6b0a9a394
                                                                                                                                                                                                    0x7ff6b0a9a39c
                                                                                                                                                                                                    0x7ff6b0a9a3a1
                                                                                                                                                                                                    0x7ff6b0a9a3a6
                                                                                                                                                                                                    0x7ff6b0a9a3ae
                                                                                                                                                                                                    0x7ff6b0a9a3b0
                                                                                                                                                                                                    0x7ff6b0a9a3bf
                                                                                                                                                                                                    0x7ff6b0a9a3c4
                                                                                                                                                                                                    0x7ff6b0a9a3c8
                                                                                                                                                                                                    0x7ff6b0a9a3d6
                                                                                                                                                                                                    0x7ff6b0a9a3ed
                                                                                                                                                                                                    0x7ff6b0a9a403
                                                                                                                                                                                                    0x7ff6b0a9a411
                                                                                                                                                                                                    0x7ff6b0a9a413
                                                                                                                                                                                                    0x7ff6b0a9a418
                                                                                                                                                                                                    0x7ff6b0a9a421
                                                                                                                                                                                                    0x7ff6b0a9a42a
                                                                                                                                                                                                    0x7ff6b0a9a453

APIs
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$malloc
• String ID:
• API String ID: 2964583507-0
• Opcode ID: c150c4ca955c388edfe3a66c9f1b7fa42ad70acee1887465953eb8fb120a1af7
• Instruction ID: 4301abe28706fc7d8ae36fe0b8c4dcd8dcaf322d22e4a8b14ba0c888fcb830b8
• Opcode Fuzzy Hash: c150c4ca955c388edfe3a66c9f1b7fa42ad70acee1887465953eb8fb120a1af7
• Instruction Fuzzy Hash: FF12A82370C685A1EA60DB1DD0403BEBB71EB95794F680532EB8D87B9BDF2EE5418740
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 23%
                                                                                                                                                                                                    			E00007FF67FF6B0AB7DE0(void* __ebx, void* __edi, long long __rbx, long long __rbp, void* __r9, long long _a8) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                                                    				intOrPtr* _t88;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				intOrPtr* _t99;
                                                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                                                    				intOrPtr* _t113;
                                                                                                                                                                                                    				long long _t114;
                                                                                                                                                                                                    				intOrPtr* _t115;
                                                                                                                                                                                                    				intOrPtr* _t119;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t57 = __ebx;
                                                                                                                                                                                                    				_t90 = _t119;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x18)) = __rbp;
                                                                                                                                                                                                    				_t58 =  *0xb0ae1798; // 0xffffffff
                                                                                                                                                                                                    				if (_t58 != 0xffffffff) goto 0xb0ab7e0b;
                                                                                                                                                                                                    				goto 0xb0ab7e14;
                                                                                                                                                                                                    				TlsGetValue(??);
                                                                                                                                                                                                    				_t115 = _t90;
                                                                                                                                                                                                    				_a8 = _t115;
                                                                                                                                                                                                    				if (_t115 == 0) goto 0xb0ab7f9e;
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x60)) != 0) goto 0xb0ab7e39;
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x18)) == 0) goto 0xb0ab7f77;
                                                                                                                                                                                                    				goto 0xb0ab7e40;
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x18)) == 0) goto 0xb0ab7e96;
                                                                                                                                                                                                    				_t113 =  *((intOrPtr*)(_t115 + 0x18));
                                                                                                                                                                                                    				 *((long long*)(_t115 + 0x18)) =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                                                    				_t101 =  *_t113;
                                                                                                                                                                                                    				if (_t101 == 0) goto 0xb0ab7e7b;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t101 + 8))();
                                                                                                                                                                                                    				 *((intOrPtr*)( *((intOrPtr*)( *_t113))))();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				HeapFree(??, ??, ??);
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				HeapFree(??, ??, ??);
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x18)) != 0) goto 0xb0ab7e40;
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x60)) == 0) goto 0xb0ab7e25;
                                                                                                                                                                                                    				_t114 =  *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x58))));
                                                                                                                                                                                                    				_v64 = _t114;
                                                                                                                                                                                                    				_t99 =  *((intOrPtr*)(_t115 + 0x28));
                                                                                                                                                                                                    				_v72 = _t99;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0ab7ec4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab7ec7;
                                                                                                                                                                                                    				if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0xb0ab7ed2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t114 + 0x20)) == 0) goto 0xb0ab7f49;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0ab7ee8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab7eeb;
                                                                                                                                                                                                    				if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0xb0ab7ef6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t114 + 0x30)) == 0) goto 0xb0ab7f49;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0ab7f0c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab7f0f;
                                                                                                                                                                                                    				if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0xb0ab7f1a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0ab7f2d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab7f30;
                                                                                                                                                                                                    				if (_t114 !=  *((intOrPtr*)( *_t99 + 0x30))) goto 0xb0ab7f3b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x20)))) + 8))();
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x30]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				_t29 = _t115 + 0x28; // 0x28
                                                                                                                                                                                                    				E00007FF67FF6B0A95EB0(0, __edi, _t99, _t29,  &_v40, _t115,  &_v56, __r9);
                                                                                                                                                                                                    				if ( *((long long*)(_t115 + 0x60)) != 0) goto 0xb0ab7ea0;
                                                                                                                                                                                                    				goto 0xb0ab7e25;
                                                                                                                                                                                                    				E00007FF67FF6B0AB63B0(_t57, _t99, 0xb0ae4010, 0x7ff6b0ab61c0, _t115);
                                                                                                                                                                                                    				_t59 =  *0xb0ae1798; // 0xffffffff
                                                                                                                                                                                                    				if (_t59 == 0xffffffff) goto 0xb0ab7f9e;
                                                                                                                                                                                                    				TlsSetValue(??, ??);
                                                                                                                                                                                                    				_t88 = _t115;
                                                                                                                                                                                                    				if (_t88 == 0) goto 0xb0ab7fc8;
                                                                                                                                                                                                    				asm("lock add dword [esi+0x8], 0xffffffff");
                                                                                                                                                                                                    				if (_t88 != 0) goto 0xb0ab7fc8;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t115))();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				return HeapFree(??, ??, ??);
                                                                                                                                                                                                    			}





















                                                                                                                                                                                                    0x7ff6b0ab7ecb
                                                                                                                                                                                                    0x7ff6b0ab7ecd
                                                                                                                                                                                                    0x7ff6b0ab7ed7
                                                                                                                                                                                                    0x7ff6b0ab7edc
                                                                                                                                                                                                    0x7ff6b0ab7ede
                                                                                                                                                                                                    0x7ff6b0ab7ee3
                                                                                                                                                                                                    0x7ff6b0ab7ee6
                                                                                                                                                                                                    0x7ff6b0ab7eef
                                                                                                                                                                                                    0x7ff6b0ab7ef1
                                                                                                                                                                                                    0x7ff6b0ab7efb
                                                                                                                                                                                                    0x7ff6b0ab7f00
                                                                                                                                                                                                    0x7ff6b0ab7f02
                                                                                                                                                                                                    0x7ff6b0ab7f07
                                                                                                                                                                                                    0x7ff6b0ab7f0a
                                                                                                                                                                                                    0x7ff6b0ab7f13
                                                                                                                                                                                                    0x7ff6b0ab7f15
                                                                                                                                                                                                    0x7ff6b0ab7f21
                                                                                                                                                                                                    0x7ff6b0ab7f23
                                                                                                                                                                                                    0x7ff6b0ab7f28
                                                                                                                                                                                                    0x7ff6b0ab7f2b
                                                                                                                                                                                                    0x7ff6b0ab7f34
                                                                                                                                                                                                    0x7ff6b0ab7f36
                                                                                                                                                                                                    0x7ff6b0ab7f46
                                                                                                                                                                                                    0x7ff6b0ab7f49
                                                                                                                                                                                                    0x7ff6b0ab7f4e
                                                                                                                                                                                                    0x7ff6b0ab7f5e
                                                                                                                                                                                                    0x7ff6b0ab7f62
                                                                                                                                                                                                    0x7ff6b0ab7f6c
                                                                                                                                                                                                    0x7ff6b0ab7f72
                                                                                                                                                                                                    0x7ff6b0ab7f85
                                                                                                                                                                                                    0x7ff6b0ab7f8a
                                                                                                                                                                                                    0x7ff6b0ab7f93
                                                                                                                                                                                                    0x7ff6b0ab7f97
                                                                                                                                                                                                    0x7ff6b0ab7f9e
                                                                                                                                                                                                    0x7ff6b0ab7fa1
                                                                                                                                                                                                    0x7ff6b0ab7fa3
                                                                                                                                                                                                    0x7ff6b0ab7fa8
                                                                                                                                                                                                    0x7ff6b0ab7fb2
                                                                                                                                                                                                    0x7ff6b0ab7fb4
                                                                                                                                                                                                    0x7ff6b0ab7fdc

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$Heap$Event$CloseFreeHandleProcess$Value$CreateOpenReset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3479055706-0
                                                                                                                                                                                                    • Opcode ID: d7bddb002446de1d6353830d7340297a2e8ea3ae02d25d3a1f121764180d7d71
                                                                                                                                                                                                    • Instruction ID: 7f9666d5eed00708653361147b4e3f06f14d3bbbe6b813b7557d73787e659016
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7bddb002446de1d6353830d7340297a2e8ea3ae02d25d3a1f121764180d7d71
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE617023A08A0AA2E6659B29D44037D7BA1FF44B50F549A31DB5E837D2DF7CF841C340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF67FF6B0ACB970(void* __ebx, void* __ecx, void* __edx, void* __edi, signed int __rbx, long long __rcx, long long __r8, void* __r10, void* _a16) {
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				intOrPtr _v168;
                                                                                                                                                                                                    				char _v176;
                                                                                                                                                                                                    				long long _v184;
                                                                                                                                                                                                    				intOrPtr _v208;
                                                                                                                                                                                                    				char _v216;
                                                                                                                                                                                                    				long long _v224;
                                                                                                                                                                                                    				long long _v240;
                                                                                                                                                                                                    				char _v256;
                                                                                                                                                                                                    				char _v264;
                                                                                                                                                                                                    				char _v272;
                                                                                                                                                                                                    				char _v280;
                                                                                                                                                                                                    				void* _v288;
                                                                                                                                                                                                    				char _v292;
                                                                                                                                                                                                    				signed int _v296;
                                                                                                                                                                                                    				char _v304;
                                                                                                                                                                                                    				char _v312;
                                                                                                                                                                                                    				long long _v328;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				signed short _t123;
                                                                                                                                                                                                    				void* _t136;
                                                                                                                                                                                                    				signed int* _t153;
                                                                                                                                                                                                    				void* _t160;
                                                                                                                                                                                                    				signed long long _t186;
                                                                                                                                                                                                    				signed int _t190;
                                                                                                                                                                                                    				signed long long _t195;
                                                                                                                                                                                                    				signed long long _t196;
                                                                                                                                                                                                    				void* _t219;
                                                                                                                                                                                                    				void* _t224;
                                                                                                                                                                                                    				long long _t243;
                                                                                                                                                                                                    				long long _t244;
                                                                                                                                                                                                    				signed int* _t245;
                                                                                                                                                                                                    				void* _t246;
                                                                                                                                                                                                    				void* _t247;
                                                                                                                                                                                                    				signed short* _t253;
                                                                                                                                                                                                    				signed long long _t261;
                                                                                                                                                                                                    				void* _t262;
                                                                                                                                                                                                    				void* _t267;
                                                                                                                                                                                                    				void* _t268;
                                                                                                                                                                                                    				long long _t269;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t267 = __r10;
                                                                                                                                                                                                    				_t140 = __edx;
                                                                                                                                                                                                    				_t138 = __ecx;
                                                                                                                                                                                                    				_t268 = _t247;
                                                                                                                                                                                                    				_v224 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t268 + 0x10)) = __rbx;
                                                                                                                                                                                                    				_t186 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v48 = _t186 ^ _t247 - 0x00000140;
                                                                                                                                                                                                    				_t244 = __r8;
                                                                                                                                                                                                    				_t243 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t268 - 0x38)) = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_v296 = r12d;
                                                                                                                                                                                                    				_t152 = __edx;
                                                                                                                                                                                                    				if (__edx != 0) goto 0xb0acba95;
                                                                                                                                                                                                    				 *((long long*)(_t268 - 0xe8)) = 7;
                                                                                                                                                                                                    				_v240 = _t269;
                                                                                                                                                                                                    				_v256 = r12w;
                                                                                                                                                                                                    				_t195 = __rbx | 0xffffffff;
                                                                                                                                                                                                    				_t261 = _t195;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A92390(_t195,  &_v264, __rcx, __rcx, __r8, _t246, __r8, _t261);
                                                                                                                                                                                                    				_v328 = _t244;
                                                                                                                                                                                                    				r9b = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A96710(_t140, _t152, _t195,  &_v288, _t246,  &_v264, _t261);
                                                                                                                                                                                                    				E00007FF67FF6B0AB6BF0(_t195,  &_v288);
                                                                                                                                                                                                    				_t245 = _v288;
                                                                                                                                                                                                    				_t153 = _t245;
                                                                                                                                                                                                    				if (_t153 == 0) goto 0xb0acba6d;
                                                                                                                                                                                                    				asm("lock xadd [esi+0x8], ebx");
                                                                                                                                                                                                    				_t136 = __ebx + 0xffffffff;
                                                                                                                                                                                                    				if (_t153 != 0) goto 0xb0acba6d;
                                                                                                                                                                                                    				 *( *_t245)();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0xb0acba6d;
                                                                                                                                                                                                    				_t16 = _t269 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t16;
                                                                                                                                                                                                    				_t253 = "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp";
                                                                                                                                                                                                    				E00007FF67FF6B0ACAB00(_t136, __ecx, __edi, _t195, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t245, _t246, _t253, _t261);
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0xb0acba7d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t245, _t195,  *((intOrPtr*)(_t243 + 8)), "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t245, _t253, _t261);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0xb0acbe31;
                                                                                                                                                                                                    				E00007FF67FF6B0ACB410(_t136, _t138, 0,  *((long long*)(_t243 + 0x20)) - 8, _t195,  &_v136,  *((intOrPtr*)(_t243 + 8)), _t246, _t253, _t267);
                                                                                                                                                                                                    				r9d = 4;
                                                                                                                                                                                                    				_t262 =  <  ? _v112 : _t261;
                                                                                                                                                                                                    				_t208 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				r8d = 4;
                                                                                                                                                                                                    				_t254 =  <  ? _t262 : _t253;
                                                                                                                                                                                                    				_t196 = _t195 | 0xffffffff;
                                                                                                                                                                                                    				if (( <  ? _t262 : _t253) == 0) goto 0xb0acbb19;
                                                                                                                                                                                                    				_t160 =  *((intOrPtr*)( >=  ? _v128 :  &_v128)) - (L"\\\\?\\" & 0x0000ffff);
                                                                                                                                                                                                    				if (_t160 != 0) goto 0xb0acbb0a;
                                                                                                                                                                                                    				if (_t160 != 0) goto 0xb0acbaf2;
                                                                                                                                                                                                    				goto 0xb0acbb19;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				r8d =  <  ? _t136 : r8d;
                                                                                                                                                                                                    				goto 0xb0acbb1c;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t190 = r8d;
                                                                                                                                                                                                    				if (r8d != 0) goto 0xb0acbb34;
                                                                                                                                                                                                    				if (_t262 - 4 < 0) goto 0xb0acbb84;
                                                                                                                                                                                                    				if ((r12d & 0xffffff00 | _t262 != 0x00000004) != 0) goto 0xb0acbb84;
                                                                                                                                                                                                    				_t29 = _t190 + 4; // 0x8
                                                                                                                                                                                                    				r8d = _t29;
                                                                                                                                                                                                    				E00007FF67FF6B0A94500(_t190,  &_v136,  &_v176);
                                                                                                                                                                                                    				r8d = r8d ^ r8d;
                                                                                                                                                                                                    				E00007FF67FF6B0A92390(_t196,  &_v136, _t190, _t243, _t245, _t246, ( <  ? _t262 : _t253) - 1, _t196);
                                                                                                                                                                                                    				if (_v144 - 8 < 0) goto 0xb0acbb84;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t190, _t196, _v168, _t190, _t245, ( <  ? _t262 : _t253) - 1, _t196);
                                                                                                                                                                                                    				r13d = 0x5c;
                                                                                                                                                                                                    				_v312 = r13w;
                                                                                                                                                                                                    				r9d = _t270 - 0x5b;
                                                                                                                                                                                                    				E00007FF67FF6B0A94BB0(_t196,  &_v136,  &_v312, _t243, _t245, _t246);
                                                                                                                                                                                                    				if (_t190 == 0xffffffff) goto 0xb0acbbf5;
                                                                                                                                                                                                    				_v304 = r13w;
                                                                                                                                                                                                    				r9d = _t270 - 0x5b;
                                                                                                                                                                                                    				E00007FF67FF6B0A94BB0(_t196,  &_v136,  &_v304, _t243, _t245, _t246);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94500(_t190,  &_v136,  &_v216);
                                                                                                                                                                                                    				_v296 = 1;
                                                                                                                                                                                                    				goto 0xb0acbbfd;
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				_t266 = _t196;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t242 =  &_v136;
                                                                                                                                                                                                    				E00007FF67FF6B0A92390(_t196,  &_v96,  &_v136, _t243, _t245, _t246, _t196, _t196);
                                                                                                                                                                                                    				if ((bpl & 0x00000001) == 0) goto 0xb0acbc4f;
                                                                                                                                                                                                    				if (_v184 - 8 < 0) goto 0xb0acbc4f;
                                                                                                                                                                                                    				_t123 = E00007FF67FF6B0AA44D8( &_v136, _t196, _v208,  &_v136, _t245, _t196, _t196);
                                                                                                                                                                                                    				_t219 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				_v328 =  &_v292;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHParseDisplayName();
                                                                                                                                                                                                    				if (_t123 == 0) goto 0xb0acbd27;
                                                                                                                                                                                                    				if (_t245 == 0) goto 0xb0acbc95;
                                                                                                                                                                                                    				 *_t245 = _t123 & 0x0000ffff;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0acbcad;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196, _v88,  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0acbce2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196, _v128,  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t269;
                                                                                                                                                                                                    				_v128 = r12w;
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0xb0acbd0f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196,  *((intOrPtr*)(_t243 + 8)),  &_v136, _t245,  &_v280, _t196);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0xb0acbe31;
                                                                                                                                                                                                    				_t224 =  >=  ? _v128 :  &_v128;
                                                                                                                                                                                                    				_v328 =  &_v292;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHParseDisplayName();
                                                                                                                                                                                                    				__imp__CoInitializeEx();
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				__imp__SHOpenFolderAndSelectItems();
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0acbd95;
                                                                                                                                                                                                    				if (_t245 == 0) goto 0xb0acbd95;
                                                                                                                                                                                                    				 *_t245 = 0;
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0acbd9e;
                                                                                                                                                                                                    				if (0 != 1) goto 0xb0acbda4;
                                                                                                                                                                                                    				__imp__CoUninitialize();
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0acbdbc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196, _v88,  &_v136, _t245,  &_v272, _t196);
                                                                                                                                                                                                    				_v64 = 7;
                                                                                                                                                                                                    				_v72 = _t269;
                                                                                                                                                                                                    				_v88 = r12w;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0acbdf1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196, _v128, _t242, _t245,  &_v272, _t266);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t269;
                                                                                                                                                                                                    				_v128 = r12w;
                                                                                                                                                                                                    				if ( *((long long*)(_t243 + 0x20)) - 8 < 0) goto 0xb0acbe1e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_v292, _t196,  *((intOrPtr*)(_t243 + 8)), _t242, _t245,  &_v272, _t266);
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x20)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t243 + 0x18)) = _t269;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t243 + 8)) = r12w;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(0, _v48 ^ _t247 - 0x00000140, _t242,  &_v272, _t266);
                                                                                                                                                                                                    			}
























































                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$DisplayFreeNameParseProcess$FolderInitializeItemsOpenSelectUninitialize
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$\\?\$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 1792686712-3491708354
                                                                                                                                                                                                    • Opcode ID: 3a8b11ccadee6583c85372323fada0a20ee016908da08a30510c647ca9ef4f30
                                                                                                                                                                                                    • Instruction ID: 759b5c89c54a1d52b598736cb92c5283371d550250651aa29d47dc949df7c84c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a8b11ccadee6583c85372323fada0a20ee016908da08a30510c647ca9ef4f30
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5C17C33618AC2A2EA308B19E8447EA77A0FB84754F414A35DB9D87BD6DF3DE594C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                                                                    			E00007FF67FF6B0AB4190(void* __ebx, void* __ecx, void* __eflags, long long __rbx, signed long long __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				int _t56;
                                                                                                                                                                                                    				short _t57;
                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				char* _t119;
                                                                                                                                                                                                    				char* _t120;
                                                                                                                                                                                                    				char* _t121;
                                                                                                                                                                                                    				char* _t122;
                                                                                                                                                                                                    				intOrPtr* _t125;
                                                                                                                                                                                                    				char* _t134;
                                                                                                                                                                                                    				signed long long _t144;
                                                                                                                                                                                                    				long long _t147;
                                                                                                                                                                                                    				intOrPtr* _t148;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				_Unknown_base(*)()* _t160;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r9;
                                                                                                                                                                                                    				_t141 = __rdi;
                                                                                                                                                                                                    				_t70 = __ebx;
                                                                                                                                                                                                    				_t118 = _t150;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x10)) = _t147;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t118 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t161 = __r8;
                                                                                                                                                                                                    				_t148 = __rdx;
                                                                                                                                                                                                    				_t144 = __rcx;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(__ecx, __eflags, _t118);
                                                                                                                                                                                                    				_t5 = _t118 + 0x140; // 0x140
                                                                                                                                                                                                    				_t125 = _t5;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0xb0ab41cf;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) | 0x00000104;
                                                                                                                                                                                                    				goto 0xb0ab42b2;
                                                                                                                                                                                                    				_t119 = __rcx + 0x40;
                                                                                                                                                                                                    				 *_t125 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t125 + 8)) = _t119;
                                                                                                                                                                                                    				if (_t119 == 0) goto 0xb0ab41f9;
                                                                                                                                                                                                    				if ( *_t119 == 0) goto 0xb0ab41f9;
                                                                                                                                                                                                    				_t10 = _t125 + 8; // 0x148
                                                                                                                                                                                                    				E00007FF67FF6B0AB39B4(0x16, _t125, 0xb0ad2940, __rdi, __rcx, _t10);
                                                                                                                                                                                                    				_t120 =  *_t125;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) & 0x00000000;
                                                                                                                                                                                                    				if (_t120 == 0) goto 0xb0ab426e;
                                                                                                                                                                                                    				if ( *_t120 == 0) goto 0xb0ab426e;
                                                                                                                                                                                                    				_t121 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t121 == 0) goto 0xb0ab4222;
                                                                                                                                                                                                    				if ( *_t121 == 0) goto 0xb0ab4222;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4090(_t121, _t125);
                                                                                                                                                                                                    				goto 0xb0ab422a;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4124(_t121, _t125);
                                                                                                                                                                                                    				if ( *(_t125 + 0x10) != 0) goto 0xb0ab42c8;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB39B4(0x40, _t125, 0xb0ad2530, _t141, _t144, _t125) == 0) goto 0xb0ab42be;
                                                                                                                                                                                                    				_t122 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t122 == 0) goto 0xb0ab4264;
                                                                                                                                                                                                    				if ( *_t122 == 0) goto 0xb0ab4264;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4090(_t122, _t125);
                                                                                                                                                                                                    				goto 0xb0ab42be;
                                                                                                                                                                                                    				_t53 = E00007FF67FF6B0AB4124(_t122, _t125);
                                                                                                                                                                                                    				goto 0xb0ab42be;
                                                                                                                                                                                                    				_t134 =  *((intOrPtr*)(_t125 + 8));
                                                                                                                                                                                                    				if (_t134 == 0) goto 0xb0ab42ab;
                                                                                                                                                                                                    				if ( *_t134 == 0) goto 0xb0ab42ab;
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t53, _t134);
                                                                                                                                                                                                    				 *(_t125 + 0x1c) = 0 | _t122 == 0x00000003;
                                                                                                                                                                                                    				EnumSystemLocalesA(_t160);
                                                                                                                                                                                                    				if (( *(_t125 + 0x10) & 0x00000004) != 0) goto 0xb0ab42be;
                                                                                                                                                                                                    				 *(_t125 + 0x10) =  *(_t125 + 0x10) & 0x00000000;
                                                                                                                                                                                                    				goto 0xb0ab42be;
                                                                                                                                                                                                    				 *(_t125 + 0x10) = 0x104;
                                                                                                                                                                                                    				_t56 = GetUserDefaultLCID();
                                                                                                                                                                                                    				 *(_t125 + 0x20) = _t56;
                                                                                                                                                                                                    				 *(_t125 + 0x24) = _t56;
                                                                                                                                                                                                    				if ( *(_t125 + 0x10) == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				_t57 = E00007FF67FF6B0AB3A4C(_t70, _t122 == 3, _t125, 0x7ff6b0ab3b50 & _t144 + 0x00000080, _t125, _t159);
                                                                                                                                                                                                    				if (_t57 == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				if (_t57 == 0xfde8) goto 0xb0ab43db;
                                                                                                                                                                                                    				if (_t57 == 0xfde9) goto 0xb0ab43db;
                                                                                                                                                                                                    				if (IsValidCodePage(??) == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				if (IsValidLocale(??, ??) == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				if (_t148 == 0) goto 0xb0ab4340;
                                                                                                                                                                                                    				 *_t148 =  *(_t125 + 0x20) & 0x0000ffff;
                                                                                                                                                                                                    				 *((short*)(_t148 + 4)) = _t57;
                                                                                                                                                                                                    				 *((short*)(_t148 + 2)) =  *(_t125 + 0x24) & 0x0000ffff;
                                                                                                                                                                                                    				if (_t161 == 0) goto 0xb0ab43d4;
                                                                                                                                                                                                    				if ( *_t148 != 0x814) goto 0xb0ab4383;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAB72C(_t144 + 0x80, _t161, _t125,  ~_t144, _t148, "Norwegian-Nynorsk") == 0) goto 0xb0ab439e;
                                                                                                                                                                                                    				 *(_t150 - 0x30 + 0x20) =  *(_t150 - 0x30 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				goto 0xb0ab439e;
                                                                                                                                                                                                    				r9d = 0x40;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				r9d = 0x40;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0xb0ab43db;
                                                                                                                                                                                                    				r9d = 0xa;
                                                                                                                                                                                                    				_t42 = _t159 + 6; // 0x6
                                                                                                                                                                                                    				r8d = _t42;
                                                                                                                                                                                                    				E00007FF67FF6B0AA6228(_t57);
                                                                                                                                                                                                    				goto 0xb0ab43dd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0ab4220
                                                                                                                                                                                                    0x7ff6b0ab4225
                                                                                                                                                                                                    0x7ff6b0ab422e
                                                                                                                                                                                                    0x7ff6b0ab424a
                                                                                                                                                                                                    0x7ff6b0ab424c
                                                                                                                                                                                                    0x7ff6b0ab4253
                                                                                                                                                                                                    0x7ff6b0ab4258
                                                                                                                                                                                                    0x7ff6b0ab425d
                                                                                                                                                                                                    0x7ff6b0ab4262
                                                                                                                                                                                                    0x7ff6b0ab4267
                                                                                                                                                                                                    0x7ff6b0ab426c
                                                                                                                                                                                                    0x7ff6b0ab426e
                                                                                                                                                                                                    0x7ff6b0ab4275
                                                                                                                                                                                                    0x7ff6b0ab427a
                                                                                                                                                                                                    0x7ff6b0ab427c
                                                                                                                                                                                                    0x7ff6b0ab428f
                                                                                                                                                                                                    0x7ff6b0ab4299
                                                                                                                                                                                                    0x7ff6b0ab42a3
                                                                                                                                                                                                    0x7ff6b0ab42a5
                                                                                                                                                                                                    0x7ff6b0ab42a9
                                                                                                                                                                                                    0x7ff6b0ab42ab
                                                                                                                                                                                                    0x7ff6b0ab42b2
                                                                                                                                                                                                    0x7ff6b0ab42b8
                                                                                                                                                                                                    0x7ff6b0ab42bb
                                                                                                                                                                                                    0x7ff6b0ab42c2
                                                                                                                                                                                                    0x7ff6b0ab42d5
                                                                                                                                                                                                    0x7ff6b0ab42db
                                                                                                                                                                                                    0x7ff6b0ab42e4
                                                                                                                                                                                                    0x7ff6b0ab42ef
                                                                                                                                                                                                    0x7ff6b0ab42fa
                                                                                                                                                                                                    0x7ff6b0ab430b
                                                                                                                                                                                                    0x7ff6b0ab4321
                                                                                                                                                                                                    0x7ff6b0ab432a
                                                                                                                                                                                                    0x7ff6b0ab4330
                                                                                                                                                                                                    0x7ff6b0ab4338
                                                                                                                                                                                                    0x7ff6b0ab433c
                                                                                                                                                                                                    0x7ff6b0ab4343
                                                                                                                                                                                                    0x7ff6b0ab4352
                                                                                                                                                                                                    0x7ff6b0ab436a
                                                                                                                                                                                                    0x7ff6b0ab436c
                                                                                                                                                                                                    0x7ff6b0ab4372
                                                                                                                                                                                                    0x7ff6b0ab4375
                                                                                                                                                                                                    0x7ff6b0ab437c
                                                                                                                                                                                                    0x7ff6b0ab4381
                                                                                                                                                                                                    0x7ff6b0ab4386
                                                                                                                                                                                                    0x7ff6b0ab439c
                                                                                                                                                                                                    0x7ff6b0ab43ab
                                                                                                                                                                                                    0x7ff6b0ab43b9
                                                                                                                                                                                                    0x7ff6b0ab43bb
                                                                                                                                                                                                    0x7ff6b0ab43cb
                                                                                                                                                                                                    0x7ff6b0ab43cb
                                                                                                                                                                                                    0x7ff6b0ab43cf
                                                                                                                                                                                                    0x7ff6b0ab43d9
                                                                                                                                                                                                    0x7ff6b0ab43f7

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$InfoValid$CodeDefaultPageUser_getptd_itow_s
                                                                                                                                                                                                    • String ID: Norwegian-Nynorsk
                                                                                                                                                                                                    • API String ID: 2273835618-461349085
                                                                                                                                                                                                    • Opcode ID: cf4e325a6d4d68f7bfb079dc3385f1bf38945245c1b1c03b25c738e8f555b466
                                                                                                                                                                                                    • Instruction ID: a07dfec10099421ea6fc8f253de66eebcff35caab3681e723f42933fe004d048
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf4e325a6d4d68f7bfb079dc3385f1bf38945245c1b1c03b25c738e8f555b466
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C617A23A0878AA6FB659F29D4003B92AE4EF44B44F084935DF4D8A7DADF7CE851C300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF67FF6B0AB0D44(signed int __ecx, void* __edi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				signed int* _t69;
                                                                                                                                                                                                    				signed int* _t70;
                                                                                                                                                                                                    				long long _t71;
                                                                                                                                                                                                    				signed long long _t85;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				signed long long _t88;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t83 = __r8;
                                                                                                                                                                                                    				_t79 = __rbp;
                                                                                                                                                                                                    				_t77 = __rsi;
                                                                                                                                                                                                    				_t74 = __rdx;
                                                                                                                                                                                                    				_t73 = __rcx;
                                                                                                                                                                                                    				_t71 = __rbx;
                                                                                                                                                                                                    				_t59 = __edi;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t86 = __rdx;
                                                                                                                                                                                                    				_t76 = __ecx;
                                                                                                                                                                                                    				if (__edi != 0xfffffffe) goto 0xb0ab0d89;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab0e9e;
                                                                                                                                                                                                    				if (__edi < 0) goto 0xb0ab0e75;
                                                                                                                                                                                                    				_t63 = _t59 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t63 >= 0) goto 0xb0ab0e75;
                                                                                                                                                                                                    				_t88 = __ecx >> 5;
                                                                                                                                                                                                    				r12d = r12d & 0x0000001f;
                                                                                                                                                                                                    				_t85 = __ecx * 0x58;
                                                                                                                                                                                                    				_t69 =  *((intOrPtr*)(0xb0ae89e0 + _t88 * 8));
                                                                                                                                                                                                    				if (_t63 != 0) goto 0xb0ab0df5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 9;
                                                                                                                                                                                                    				_v56 = __rbx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t69, __rbx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab0e9e;
                                                                                                                                                                                                    				if ((0 | r8d - 0x7fffffff < 0x00000000) != 0) goto 0xb0ab0e30;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0x16;
                                                                                                                                                                                                    				_v56 = _t71;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t69, _t71, _t73, _t74, _t77, _t79, _t83);
                                                                                                                                                                                                    				goto 0xb0ab0e9e;
                                                                                                                                                                                                    				_t34 = E00007FF67FF6B0AB593C(0, __edi, _t71, _t76, _t77, _t85);
                                                                                                                                                                                                    				_t70 =  *((intOrPtr*)(0xb0ae89e0 + _t88 * 8));
                                                                                                                                                                                                    				if (( *(_t70 + _t85 + 8) & 0x00000001) == 0) goto 0xb0ab0e55;
                                                                                                                                                                                                    				_t45 = E00007FF67FF6B0AB05C4(_t34, _t59, r8d, _t86, _t83);
                                                                                                                                                                                                    				goto 0xb0ab0e6a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t70);
                                                                                                                                                                                                    				 *_t70 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t70);
                                                                                                                                                                                                    				 *_t70 = _t45;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				goto 0xb0ab0e9e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t70);
                                                                                                                                                                                                    				 *_t70 = _t45 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t70);
                                                                                                                                                                                                    				 *_t70 = 9;
                                                                                                                                                                                                    				_v56 = _t71;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t70, _t71, _t73, _t86, _t77, _t79, _t83) | 0xffffffff;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: ae8c6979646cd0df4c87d9af4eb6b8836ed11e81636247d6cf9537f00f559d2d
                                                                                                                                                                                                    • Instruction ID: 4620a4bce734a00a401b9434d939aa2f4e0dd496dacf61e1ccbbad08568e9e36
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae8c6979646cd0df4c87d9af4eb6b8836ed11e81636247d6cf9537f00f559d2d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E418133E2825266E3216F789C81A3E7E51AB84760F659E34E729877D3CE3CE4408700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                    			E00007FF67FF6B0AABD28(void* __ecx, long long __rbx, long long __rdi, void* __rsi, void* __rbp, void* __r9, long long __r13, long long _a8, void* _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				void* _t38;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t93;
                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				void* _t131;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t131 = __r9;
                                                                                                                                                                                                    				_t118 = __rbp;
                                                                                                                                                                                                    				_t117 = __rsi;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a24 = __rdi;
                                                                                                                                                                                                    				_a32 = __r13;
                                                                                                                                                                                                    				_t68 = __ecx;
                                                                                                                                                                                                    				if (__ecx ==  *0xb0ae0820) goto 0xb0aabd5a;
                                                                                                                                                                                                    				if (1 - 0x17 < 0) goto 0xb0aabd4b;
                                                                                                                                                                                                    				if (1 - 0x17 >= 0) goto 0xb0aabf37;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB1C68(3, 0x7ff6b0ae0830, __rbx, _t93, _t104, __rsi, __rbp, _t122) == 1) goto 0xb0aabef2;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB1C68(3, 0x7ff6b0ae0830, __rbx, _t93, _t104, __rsi, __rbp, _t122) != 0) goto 0xb0aabd91;
                                                                                                                                                                                                    				if ( *0xb0ae0188 == 1) goto 0xb0aabef2;
                                                                                                                                                                                                    				if (_t68 == 0xfc) goto 0xb0aabf37;
                                                                                                                                                                                                    				r13d = 0x314;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAB72C(0x7ff6b0ae0830, 0xb0ae3660, __r13, __rsi, __rbp, "Runtime Error!\n\nProgram: ") == 0) goto 0xb0aabdd5;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				r8d = 0x104;
                                                                                                                                                                                                    				 *0xb0ae377d = 0;
                                                                                                                                                                                                    				if (GetModuleFileNameA(??, ??, ??) != 0) goto 0xb0aabe26;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAB72C(0x7ff6b0ae0830, 0xb0ae3679, 0xb0ae3679, __rsi, __rbp, "<program name unknown>") == 0) goto 0xb0aabe26;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t38 = E00007FF67FF6B0AA70C0(E00007FF67FF6B0AA4308(), 0xb0ae3679);
                                                                                                                                                                                                    				if (0x7ff6b0ae0831 - 0x3c <= 0) goto 0xb0aabe81;
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t38, 0xb0ae3679);
                                                                                                                                                                                                    				r9d = 3;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB38DC(0x7ff6b0ae0831, 0xffed615c3e6f, 0xffff80094f51fb05, _t117, _t118, "...", _t131) == 0) goto 0xb0aabe81;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB3850(0x7ff6b0ae0831, 0xb0ae3660, __r13, _t117, _t118, "\n\n") == 0) goto 0xb0aabeac;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB3850(0x7ff6b0ae0831, 0xb0ae3660, __r13, _t117, _t118,  *0x7FF6B0AE0838) == 0) goto 0xb0aabedb;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				r8d = 0x12010;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4B80(0x7ff6b0ae0831, __rbx, 0xb0ae3660, "Microsoft Visual C++ Runtime Library", _t118, _t131);
                                                                                                                                                                                                    				goto 0xb0aabf37;
                                                                                                                                                                                                    				_t47 = GetStdHandle(??);
                                                                                                                                                                                                    				if (0x7ff6b0ae0831 == 0) goto 0xb0aabf37;
                                                                                                                                                                                                    				if (0x7ff6b0ae0831 == 0xffffffff) goto 0xb0aabf37;
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t47,  *((intOrPtr*)(0x7ff6b0ae0838)));
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				return WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF6B0AABF84,?,?,?,?,00007FF6B0AA48E5,?,?,00000000,00007FF6B0AAA598), ref: 00007FF6B0AABDEB
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(?,?,?,?,?,00007FF6B0AABF84,?,?,?,?,00007FF6B0AA48E5,?,?,00000000,00007FF6B0AAA598), ref: 00007FF6B0AABEF7
                                                                                                                                                                                                    • WriteFile.KERNEL32 ref: 00007FF6B0AABF31
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                    • API String ID: 3784150691-4022980321
                                                                                                                                                                                                    • Opcode ID: bdf2f308c5beea1c5eb5347bd727d01a46f02e2dd6c2599cccca75c08203b709
                                                                                                                                                                                                    • Instruction ID: 80682612b2ca4a845119d79e0391d7cd460dcca450d8b3fdc7ce646cdc086ab1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdf2f308c5beea1c5eb5347bd727d01a46f02e2dd6c2599cccca75c08203b709
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F651B123A2864361FB24973999557BA2A91BF84394F644A36EF4DC6BD3CF3CE1058600
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB560A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB561C
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB5667
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF6B0AB56CC
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _FF_MSGBANNER.LIBCMT ref: 00007FF6B0AA48E0
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6B0AAA598,?,?,00000000,00007FF6B0AAFED9,?,?,?,00007FF6B0AAFF83), ref: 00007FF6B0AA4905
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _errno.LIBCMT ref: 00007FF6B0AA4929
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AA48B0: _errno.LIBCMT ref: 00007FF6B0AA4934
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB56F9
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB5733
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AB5747
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,00001004,00000000,?,00007FF6B0AB57DA), ref: 00007FF6B0AB575D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale$_errno$AllocateByteCharErrorHeapLastMultiWidefreemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4202622830-0
                                                                                                                                                                                                    • Opcode ID: fe5207ceeda70ec711b59715bf62eec6586ad5d6bb0a9c1674ed90db119e1240
                                                                                                                                                                                                    • Instruction ID: e33b9b6e28f991d0966958d3b8ece720a5114a129090f2fa8922d4978d2732da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe5207ceeda70ec711b59715bf62eec6586ad5d6bb0a9c1674ed90db119e1240
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D51E733A08686A6E7108F29E45066D3B91FB447A4F980E31EB1E93BD6CF7CE9408300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                                                                    			E00007FF67FF6B0AA4050(signed int __ecx, void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				intOrPtr* _t23;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rdx;
                                                                                                                                                                                                    				_t16 = __rcx -  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				if (_t16 != 0) goto 0xb0aa406a;
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				if ((__ecx & 0x0000ffff) != 0) goto 0xb0aa4066;
                                                                                                                                                                                                    				asm("repe ret");
                                                                                                                                                                                                    				asm("dec eax");
                                                                                                                                                                                                    				goto 0xb0aab5e0;
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				_push(_t24);
                                                                                                                                                                                                    				_t23 = __r8;
                                                                                                                                                                                                    				if (__r9 == 0) goto 0xb0aa40c9;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0xb0aa40a8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__r8);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__r8 = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__r8, _t24, __rcx, __rdx, _t29, _t30, __r8);
                                                                                                                                                                                                    				goto 0xb0aa40cb;
                                                                                                                                                                                                    				if (_t23 == 0) goto 0xb0aa4083;
                                                                                                                                                                                                    				if (_t27 - __r9 >= 0) goto 0xb0aa40be;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t23);
                                                                                                                                                                                                    				goto 0xb0aa408d;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0, _t27 - __r9, _t26, _t23, __r9);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3778485334-0
                                                                                                                                                                                                    • Opcode ID: e14f49882a9b6dccd73c3a84256284ea3c026c336a414e1e863b8d0485961774
                                                                                                                                                                                                    • Instruction ID: ee39092d8880bd1baf2ce9a0527ba74167bae8b5832188df49e1d3e4d0533b9a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e14f49882a9b6dccd73c3a84256284ea3c026c336a414e1e863b8d0485961774
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06312C3792DB46A5EB509B59F8443B97BA0FB84744FA00A39DB8D827A6DF7CE044C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF67FF6B0ABA758(void* __eflags, long long __rbx, char* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t70;
                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                                                    				void* _t122;
                                                                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                                                                    				intOrPtr _t130;
                                                                                                                                                                                                    				signed long long _t136;
                                                                                                                                                                                                    				char* _t138;
                                                                                                                                                                                                    				char* _t154;
                                                                                                                                                                                                    				char* _t155;
                                                                                                                                                                                                    				char* _t160;
                                                                                                                                                                                                    				long long _t167;
                                                                                                                                                                                                    				intOrPtr* _t168;
                                                                                                                                                                                                    				intOrPtr* _t170;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				long long _t181;
                                                                                                                                                                                                    				void* _t183;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t173 = __r8;
                                                                                                                                                                                                    				_t163 = __rsi;
                                                                                                                                                                                                    				_t129 = _t170;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x10)) = _t167;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t171 = _t170 - 0x50;
                                                                                                                                                                                                    				_t179 = __rdx;
                                                                                                                                                                                                    				_t160 = __rcx;
                                                                                                                                                                                                    				r15d = r9d;
                                                                                                                                                                                                    				_t136 = r8d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(_t129, _t129 - 0x38,  *((intOrPtr*)(_t171 + 0xa0)));
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (__rcx != _t181) goto 0xb0aba7d3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t129);
                                                                                                                                                                                                    				_t7 = _t181 + 0x16; // 0x16
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t129 = _t7;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t129, _t136, _t129 - 0x38,  *((intOrPtr*)(_t171 + 0xa0)), __rsi, _t167, __r8, _t183, _t181);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0xb0aba7cc;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aba990;
                                                                                                                                                                                                    				if (_t179 - _t181 > 0) goto 0xb0aba80d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t129);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t129 = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t129, _t136,  *((intOrPtr*)(_t171 + 0x40)),  *((intOrPtr*)(_t171 + 0xa0)), _t163, _t167, _t173);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0xb0aba7cc;
                                                                                                                                                                                                    				_t130 =  *((intOrPtr*)(_t171 + 0x40));
                                                                                                                                                                                                    				 *(_t130 + 0xc8) =  *(_t130 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aba7cc;
                                                                                                                                                                                                    				_t67 =  >  ? 0x16 : r13d;
                                                                                                                                                                                                    				_t68 = ( >  ? 0x16 : r13d) + 9;
                                                                                                                                                                                                    				if (_t179 - _t130 > 0) goto 0xb0aba82f;
                                                                                                                                                                                                    				_t70 = E00007FF67FF6B0AA78AC(_t130);
                                                                                                                                                                                                    				goto 0xb0aba7a3;
                                                                                                                                                                                                    				_t168 =  *((intOrPtr*)(_t171 + 0x90));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x98)) == r13b) goto 0xb0aba877;
                                                                                                                                                                                                    				sil =  *_t168 == 0x2d;
                                                                                                                                                                                                    				r13b = 0x22 > 0;
                                                                                                                                                                                                    				if (r13d == 0) goto 0xb0aba874;
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t70, _t181 + _t160);
                                                                                                                                                                                                    				_t20 = _t130 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0, r13d, r13d + _t181 + _t160, _t181 + _t160, _t20);
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if ( *_t168 != 0x2d) goto 0xb0aba887;
                                                                                                                                                                                                    				 *_t160 = 0x2d;
                                                                                                                                                                                                    				_t154 = _t160 + 1;
                                                                                                                                                                                                    				if (0x22 - r13d <= 0) goto 0xb0aba8a7;
                                                                                                                                                                                                    				 *_t154 =  *((intOrPtr*)(_t154 + 1));
                                                                                                                                                                                                    				_t155 = _t154 + 1;
                                                                                                                                                                                                    				 *_t155 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t171 + 0x30)) + 0x128))))));
                                                                                                                                                                                                    				_t138 = _t136 + _t155 + _t181;
                                                                                                                                                                                                    				_t157 =  ==  ? _t179 : _t179 + _t160 - _t138;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAB72C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t171 + 0x30)) + 0x128)))), _t138,  ==  ? _t179 : _t179 + _t160 - _t138, _t181 + _t160, _t168, "e+000") == r13d) goto 0xb0aba8f2;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *((long long*)(_t171 + 0x20)) = _t181;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4308();
                                                                                                                                                                                                    				if (r15d == r13d) goto 0xb0aba8fe;
                                                                                                                                                                                                    				 *_t138 = 0x45;
                                                                                                                                                                                                    				_t122 =  *((char*)( *((intOrPtr*)(_t168 + 0x10)))) - 0x30;
                                                                                                                                                                                                    				if (_t122 == 0) goto 0xb0aba95e;
                                                                                                                                                                                                    				r8d =  *(_t168 + 4);
                                                                                                                                                                                                    				r8d = r8d - 1;
                                                                                                                                                                                                    				if (_t122 >= 0) goto 0xb0aba918;
                                                                                                                                                                                                    				r8d =  ~r8d;
                                                                                                                                                                                                    				 *((char*)(_t138 + 1)) = 0x2d;
                                                                                                                                                                                                    				if (r8d - 0x64 < 0) goto 0xb0aba939;
                                                                                                                                                                                                    				_t99 = (0x51eb851f * r8d >> 0x20 >> 5) + (0x51eb851f * r8d >> 0x20 >> 5 >> 0x1f);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 2)) =  *((intOrPtr*)(_t138 + 2)) + _t99;
                                                                                                                                                                                                    				r8d = r8d + _t99 * 0xffffff9c;
                                                                                                                                                                                                    				if (r8d - 0xa < 0) goto 0xb0aba95a;
                                                                                                                                                                                                    				_t103 = (0x66666667 * r8d >> 0x20 >> 2) + (0x66666667 * r8d >> 0x20 >> 2 >> 0x1f);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 3)) =  *((intOrPtr*)(_t138 + 3)) + _t103;
                                                                                                                                                                                                    				r8d = r8d + _t103 * 0xfffffff6;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t138 + 4)) =  *((intOrPtr*)(_t138 + 4)) + r8b;
                                                                                                                                                                                                    				if (( *0xb0ae4108 & 0x00000001) == 0) goto 0xb0aba97b;
                                                                                                                                                                                                    				if ( *((char*)(_t138 + 2)) != 0x30) goto 0xb0aba97b;
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0,  *((char*)(_t138 + 2)) - 0x30, _t138 + 2, _t138 + 3, "e+000");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t171 + 0x48)) == r13b) goto 0xb0aba98e;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t171 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    0x7ff6b0aba987
                                                                                                                                                                                                    0x7ff6b0aba9ae

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer_getptd
                                                                                                                                                                                                    • String ID: -$e+000$gfff
                                                                                                                                                                                                    • API String ID: 2834218312-2620144452
                                                                                                                                                                                                    • Opcode ID: 6a11d317345159555b390f4911d319f69cbeb2ee95697cea1cf0a9819997a2cf
                                                                                                                                                                                                    • Instruction ID: 3627afafc569ae58050e5186fb85026470297c392f1c2b99445c09550ebdf080
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a11d317345159555b390f4911d319f69cbeb2ee95697cea1cf0a9819997a2cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58614427A186C566E7248B2C98412AE7FA1FB95B88F188671DB5C87BC7CF3DD445C300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                                                                    			E00007FF67FF6B0ACB6B0(void* __ebx, signed int __ecx, void* __rax, signed long long* __rcx, void* __rdx, void* __r8, signed long long __r9, void* __r11, long long _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40, char _a48, intOrPtr _a56, long long _a72, long long _a80, long long _a88, char _a96, intOrPtr _a104, long long _a128, char _a136, char _a144, intOrPtr _a196, char _a200, char _a248, char _a256, long long _a272, long long _a280, char _a296, signed int _a65832) {
                                                                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				signed long long _t114;
                                                                                                                                                                                                    				signed long long _t115;
                                                                                                                                                                                                    				void* _t119;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                    				long long _t152;
                                                                                                                                                                                                    				void* _t153;
                                                                                                                                                                                                    				signed long long _t159;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				long long _t163;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r9;
                                                                                                                                                                                                    				_t92 = __ecx;
                                                                                                                                                                                                    				E00007FF67FF6B0ACC0A0(0x10160, __rax, _t161, __r11);
                                                                                                                                                                                                    				_t154 = _t153 - __rax;
                                                                                                                                                                                                    				_a88 = 0xfffffffe;
                                                                                                                                                                                                    				_t114 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t115 = _t114 ^ _t153 - __rax;
                                                                                                                                                                                                    				_a65832 = _t115;
                                                                                                                                                                                                    				_t151 = __r8;
                                                                                                                                                                                                    				_t119 = __rdx;
                                                                                                                                                                                                    				_t152 = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_a40 = r12d;
                                                                                                                                                                                                    				 *__rcx = _t115;
                                                                                                                                                                                                    				__rcx[1] = _t115;
                                                                                                                                                                                                    				__rcx[2] = _t115;
                                                                                                                                                                                                    				_a136 = 0x68;
                                                                                                                                                                                                    				_t7 = _t163 + 0x60; // 0x60
                                                                                                                                                                                                    				r8d = _t7;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(0, __ecx, 0,  &_a144, __rdx, __r8);
                                                                                                                                                                                                    				_a196 = 1;
                                                                                                                                                                                                    				_a200 = r12w;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 0x18)) == _t150) goto 0xb0acb900;
                                                                                                                                                                                                    				_t12 = _t163 + 1; // 0x1
                                                                                                                                                                                                    				r9d = _t12;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94AA0(_t159);
                                                                                                                                                                                                    				if (_t115 == 0xffffffff) goto 0xb0acb79d;
                                                                                                                                                                                                    				E00007FF67FF6B0A96580(0, _t115 - 0xffffffff, _t115, __rdx,  &_a96, "\"", __r8, __rcx, __rdx, _t159, _t163);
                                                                                                                                                                                                    				_a40 = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A96650(0, _t115 - 0xffffffff, _t115, _t119,  &_a48, _t115, _t151, "\"", _t159);
                                                                                                                                                                                                    				_a40 = 3;
                                                                                                                                                                                                    				goto 0xb0acb7a0;
                                                                                                                                                                                                    				_a280 = 7;
                                                                                                                                                                                                    				_a272 = _t163;
                                                                                                                                                                                                    				_a256 = r12w;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A92390(_t119,  &_a248, _t119, _t150, _t151, _t152, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				if ((dil & 0x00000002) == 0) goto 0xb0acb804;
                                                                                                                                                                                                    				if (_a80 - 8 < 0) goto 0xb0acb7f0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t119, _t119, _a56, _t119, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				_a80 = 7;
                                                                                                                                                                                                    				_a72 = _t163;
                                                                                                                                                                                                    				_a56 = r12w;
                                                                                                                                                                                                    				if ((dil & 0x00000001) == 0) goto 0xb0acb822;
                                                                                                                                                                                                    				if (_a128 - 8 < 0) goto 0xb0acb822;
                                                                                                                                                                                                    				_t79 = E00007FF67FF6B0AA44D8(_t119, _t119, _a104, _t119, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				r8d = 0xfffe;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(_t79, _t92, 0,  &_a296, _t119, "\"");
                                                                                                                                                                                                    				_t145 =  >=  ? _a256 :  &_a256;
                                                                                                                                                                                                    				lstrcpyW(??, ??);
                                                                                                                                                                                                    				lstrcatW(??, ??);
                                                                                                                                                                                                    				if ( *((long long*)(_t151 + 0x20)) - 8 < 0) goto 0xb0acb881;
                                                                                                                                                                                                    				goto 0xb0acb885;
                                                                                                                                                                                                    				lstrcatW(??, ??);
                                                                                                                                                                                                    				if ( *((long long*)(_t119 + 0x20)) - 8 < 0) goto 0xb0acb8a0;
                                                                                                                                                                                                    				goto 0xb0acb8a4;
                                                                                                                                                                                                    				_a32 = _t152;
                                                                                                                                                                                                    				_a24 =  &_a136;
                                                                                                                                                                                                    				_a16 = _t163;
                                                                                                                                                                                                    				_a8 = _t163;
                                                                                                                                                                                                    				_v0 = r12d;
                                                                                                                                                                                                    				_v8 = r12d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_a280 - 8 < 0) goto 0xb0acb8fc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( &_a136, _t119, _a256,  &_a296, _t151, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    				goto 0xb0acb94b;
                                                                                                                                                                                                    				if ( *((long long*)(_t119 + 0x20)) - 8 < 0) goto 0xb0acb90d;
                                                                                                                                                                                                    				goto 0xb0acb911;
                                                                                                                                                                                                    				_a32 = _t152;
                                                                                                                                                                                                    				_a24 =  &_a136;
                                                                                                                                                                                                    				_a16 = _t163;
                                                                                                                                                                                                    				_a8 = _t163;
                                                                                                                                                                                                    				_v0 = r12d;
                                                                                                                                                                                                    				_v8 = r12d;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_t92, _a65832 ^ _t154,  &_a296, "\"", _t159 | 0xffffffff);
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateProcesslstrcat$lstrcpy
                                                                                                                                                                                                    • String ID: h
                                                                                                                                                                                                    • API String ID: 3136576379-2439710439
                                                                                                                                                                                                    • Opcode ID: 921a10a08777df4f326595dd1351c16fdca3307fa6b663e0858bbc25aff6aeb9
                                                                                                                                                                                                    • Instruction ID: 01916ce41a40dc559ae872907a897285c0e3be938c174fae5dae766b79055973
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 921a10a08777df4f326595dd1351c16fdca3307fa6b663e0858bbc25aff6aeb9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C561AF33618A81A2E7308F18E8447AABB65FB84354F504635DB9D82BEADF3DD194CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                                                    			E00007FF67FF6B0AB4FCC(intOrPtr* __rax, long long __rbx, signed int* __rcx, void* __rdx, void* __r8, long long _a8, signed int _a32, intOrPtr _a40) {
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				intOrPtr* _t41;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				long long _t53;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t41 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a32 = r9w;
                                                                                                                                                                                                    				_t51 = __r8;
                                                                                                                                                                                                    				_t52 = __rdx;
                                                                                                                                                                                                    				if (__rdx != _t53) goto 0xb0ab5001;
                                                                                                                                                                                                    				if (__r8 - _t53 <= 0) goto 0xb0ab5001;
                                                                                                                                                                                                    				if (__rcx == _t53) goto 0xb0ab4ffa;
                                                                                                                                                                                                    				 *__rcx = 0;
                                                                                                                                                                                                    				goto 0xb0ab50a5;
                                                                                                                                                                                                    				if (__rcx == _t53) goto 0xb0ab5009;
                                                                                                                                                                                                    				 *__rcx =  *__rcx | 0xffffffff;
                                                                                                                                                                                                    				if (__r8 - 0x7fffffff <= 0) goto 0xb0ab5036;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v88 = _t53;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rcx, __rcx, __rdx, __rdx, _t53, __r8);
                                                                                                                                                                                                    				goto 0xb0ab50a5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(__rax,  &_v56, _a40);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_v56 + 0x14)) != 0) goto 0xb0ab5124;
                                                                                                                                                                                                    				if ((_a32 & 0x0000ffff) - 0xff <= 0) goto 0xb0ab50b5;
                                                                                                                                                                                                    				if (_t52 == _t53) goto 0xb0ab5080;
                                                                                                                                                                                                    				if (_t51 - _t53 <= 0) goto 0xb0ab5080;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(_a32 & 0x0000ffff, 0xff, 0, _t52, _a40, _t51);
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t41);
                                                                                                                                                                                                    				 *_t41 = 0x2a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t41);
                                                                                                                                                                                                    				if (_v32 == bpl) goto 0xb0ab50a5;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return  *_t41;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$ByteCharErrorLastMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3895584640-0
                                                                                                                                                                                                    • Opcode ID: e3ab19df20f39bfc49d13db797055911675bc5e6ef2466dfda626c9a0c4a69ea
                                                                                                                                                                                                    • Instruction ID: 6354178ed52c4798a4aa5470871c4cfabc9ad70f5c39c2e10d70faab66d4d079
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3ab19df20f39bfc49d13db797055911675bc5e6ef2466dfda626c9a0c4a69ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87518423A1C6866AE770AF7CE44077E7E90EB84750F588535E79D82BC6CE6CD4818B05
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 17%
                                                                                                                                                                                                    			E00007FF67FF6B0AA4308() {
                                                                                                                                                                                                    				void* _v0;
                                                                                                                                                                                                    				long long _v992;
                                                                                                                                                                                                    				long long _v1088;
                                                                                                                                                                                                    				char _v1240;
                                                                                                                                                                                                    				long long _v1384;
                                                                                                                                                                                                    				char _v1396;
                                                                                                                                                                                                    				signed int _v1400;
                                                                                                                                                                                                    				char _v1416;
                                                                                                                                                                                                    				char _v1424;
                                                                                                                                                                                                    				long long _v1432;
                                                                                                                                                                                                    				long long _v1440;
                                                                                                                                                                                                    				void* _v1448;
                                                                                                                                                                                                    				signed long long _v1456;
                                                                                                                                                                                                    				long long _v1464;
                                                                                                                                                                                                    				long long _v1472;
                                                                                                                                                                                                    				long long _v1480;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				int _t32;
                                                                                                                                                                                                    				void* _t39;
                                                                                                                                                                                                    				long long _t48;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v1400 = _v1400 & 0x00000000;
                                                                                                                                                                                                    				r8d = 0x94;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(_t30, _t39, 0,  &_v1396, _t61, _t64);
                                                                                                                                                                                                    				_t48 =  &_v1240;
                                                                                                                                                                                                    				_v1440 =  &_v1400;
                                                                                                                                                                                                    				_v1432 = _t48;
                                                                                                                                                                                                    				__imp__RtlCaptureContext();
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				0xb0aba26c();
                                                                                                                                                                                                    				if (_t48 == 0) goto 0xb0aa43a5;
                                                                                                                                                                                                    				_v1456 = _v1456 & 0x00000000;
                                                                                                                                                                                                    				_v1464 =  &_v1416;
                                                                                                                                                                                                    				_v1472 =  &_v1424;
                                                                                                                                                                                                    				_v1480 =  &_v1240;
                                                                                                                                                                                                    				0xb0aba266();
                                                                                                                                                                                                    				goto 0xb0aa43c5;
                                                                                                                                                                                                    				_v992 = _v0;
                                                                                                                                                                                                    				_v1088 =  &_v0;
                                                                                                                                                                                                    				_v1400 = 0xc0000417;
                                                                                                                                                                                                    				_v1396 = 1;
                                                                                                                                                                                                    				_v1384 = _v0;
                                                                                                                                                                                                    				_t32 = IsDebuggerPresent();
                                                                                                                                                                                                    				SetUnhandledExceptionFilter(??);
                                                                                                                                                                                                    				if (UnhandledExceptionFilter(??) != 0) goto 0xb0aa4410;
                                                                                                                                                                                                    				if (_t32 != 0) goto 0xb0aa4410;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB7A0(_t34);
                                                                                                                                                                                                    				GetCurrentProcess();
                                                                                                                                                                                                    				return TerminateProcess(??, ??);
                                                                                                                                                                                                    			}


























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1269745586-0
                                                                                                                                                                                                    • Opcode ID: 9acd44f4c9021e6a40fc53f3eba1dfe77eba2fb851b38d84d1ef46dfb6a26ca4
                                                                                                                                                                                                    • Instruction ID: 871fa797804764422112aec429fd6cc503d91b3248f288217147ce9ad0acb8cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9acd44f4c9021e6a40fc53f3eba1dfe77eba2fb851b38d84d1ef46dfb6a26ca4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B313E3260CB8692EA648B58F4447AEB7A4FB99744F500535EBCD83B9ADF7CD148CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00007FF67FF6B0ABAABC(void* __eflags, long long __rbx, unsigned int* __rcx, char* __rdx, long long __rdi, void* __rsi, void* __r8, void* __r9, void* __r10, void* __r11, long long __r12) {
                                                                                                                                                                                                    				void* _t93;
                                                                                                                                                                                                    				char _t94;
                                                                                                                                                                                                    				signed char _t95;
                                                                                                                                                                                                    				signed int _t123;
                                                                                                                                                                                                    				signed int _t124;
                                                                                                                                                                                                    				signed int _t138;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				intOrPtr* _t176;
                                                                                                                                                                                                    				signed long long _t180;
                                                                                                                                                                                                    				intOrPtr* _t196;
                                                                                                                                                                                                    				signed int* _t197;
                                                                                                                                                                                                    				void* _t209;
                                                                                                                                                                                                    				signed long long _t215;
                                                                                                                                                                                                    				signed long long _t224;
                                                                                                                                                                                                    				void* _t225;
                                                                                                                                                                                                    				signed long long _t230;
                                                                                                                                                                                                    				signed long long _t232;
                                                                                                                                                                                                    				signed long long _t233;
                                                                                                                                                                                                    				signed long long _t236;
                                                                                                                                                                                                    				signed long long _t237;
                                                                                                                                                                                                    				char* _t242;
                                                                                                                                                                                                    				char* _t243;
                                                                                                                                                                                                    				intOrPtr* _t244;
                                                                                                                                                                                                    				void* _t245;
                                                                                                                                                                                                    				intOrPtr* _t246;
                                                                                                                                                                                                    				char* _t247;
                                                                                                                                                                                                    				void* _t248;
                                                                                                                                                                                                    				char* _t250;
                                                                                                                                                                                                    				void* _t251;
                                                                                                                                                                                                    				char* _t252;
                                                                                                                                                                                                    				char* _t253;
                                                                                                                                                                                                    				char* _t254;
                                                                                                                                                                                                    				char* _t255;
                                                                                                                                                                                                    				long long _t258;
                                                                                                                                                                                                    				intOrPtr* _t260;
                                                                                                                                                                                                    				void* _t261;
                                                                                                                                                                                                    				char* _t268;
                                                                                                                                                                                                    				void* _t270;
                                                                                                                                                                                                    				void* _t271;
                                                                                                                                                                                                    				void* _t275;
                                                                                                                                                                                                    				unsigned int* _t276;
                                                                                                                                                                                                    				long long _t278;
                                                                                                                                                                                                    				intOrPtr* _t279;
                                                                                                                                                                                                    				void* _t281;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t271 = __r11;
                                                                                                                                                                                                    				_t270 = __r10;
                                                                                                                                                                                                    				_t263 = __r8;
                                                                                                                                                                                                    				_t257 = __rsi;
                                                                                                                                                                                                    				_t176 = _t260;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x10)) = _t258;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x18)) = __rdi;
                                                                                                                                                                                                    				 *((long long*)(_t176 + 0x20)) = __r12;
                                                                                                                                                                                                    				_t261 = _t260 - 0x50;
                                                                                                                                                                                                    				_t242 = __rdx;
                                                                                                                                                                                                    				_t276 = __rcx;
                                                                                                                                                                                                    				_t209 = __r8;
                                                                                                                                                                                                    				r15d = 0x3ff;
                                                                                                                                                                                                    				r12d = 0x30;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(_t176, _t176 - 0x38,  *((intOrPtr*)(_t261 + 0x98)));
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t138 =  <  ? r14d : r9d;
                                                                                                                                                                                                    				if (__rdx != _t278) goto 0xb0abab4b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t176);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t176 = __r12 - 0x1a;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x20)) = _t278;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t176, __r8, _t176 - 0x38,  *((intOrPtr*)(_t261 + 0x98)), __rsi, _t258, __r8, _t281, _t278);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0xb0abab44;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0abaec6;
                                                                                                                                                                                                    				if (_t209 - _t278 > 0) goto 0xb0abab85;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t176);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t176 = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x20)) = _t278;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t176, _t209,  *((intOrPtr*)(_t261 + 0x40)),  *((intOrPtr*)(_t261 + 0x98)), _t257, _t258, _t263);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0xb0abab44;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0abab44;
                                                                                                                                                                                                    				 *_t242 = r14b;
                                                                                                                                                                                                    				_t215 = _t258 + 0xb;
                                                                                                                                                                                                    				if (_t209 - _t215 > 0) goto 0xb0ababa2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC( *((intOrPtr*)(_t261 + 0x40)));
                                                                                                                                                                                                    				goto 0xb0abab1b;
                                                                                                                                                                                                    				_t180 =  *_t276 >> 0x00000034 & _t215;
                                                                                                                                                                                                    				if (_t180 != _t215) goto 0xb0abac56;
                                                                                                                                                                                                    				_t20 = _t242 + 2; // 0x401
                                                                                                                                                                                                    				_t230 = _t20;
                                                                                                                                                                                                    				r9d = _t138;
                                                                                                                                                                                                    				_t265 =  ==  ? _t209 : _t209 - 2;
                                                                                                                                                                                                    				 *((long long*)(_t261 + 0x28)) = _t278;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t261 + 0x20)) = r14d;
                                                                                                                                                                                                    				if (E00007FF67FF6B0ABA9B0(0x22, _t276, _t230, _t258,  ==  ? _t209 : _t209 - 2, _t275) == r14d) goto 0xb0abac04;
                                                                                                                                                                                                    				 *_t242 = r14b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r14b) goto 0xb0abaec6;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0abaec6;
                                                                                                                                                                                                    				if ( *((char*)(_t242 + 2)) != 0x2d) goto 0xb0abac10;
                                                                                                                                                                                                    				 *_t242 = 0x2d;
                                                                                                                                                                                                    				_t243 = _t242 + 1;
                                                                                                                                                                                                    				 *_t243 = 0x30;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				 *((char*)(_t243 + 1)) = 0x158;
                                                                                                                                                                                                    				_t30 = _t243 + 2; // 0x402
                                                                                                                                                                                                    				E00007FF67FF6B0ABB3A4(0x65, _t30,  ==  ? _t209 : _t209 - 2);
                                                                                                                                                                                                    				if (_t180 == _t278) goto 0xb0abac4c;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				 *_t180 = 0xb0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 3)) = r14b;
                                                                                                                                                                                                    				goto 0xb0abaeb6;
                                                                                                                                                                                                    				if (( *_t276 & 0x00000000) == 0) goto 0xb0abac6c;
                                                                                                                                                                                                    				 *_t243 = 0x2d;
                                                                                                                                                                                                    				_t244 = _t243 + 1;
                                                                                                                                                                                                    				r9d =  *(_t261 + 0x90);
                                                                                                                                                                                                    				r11d = 0x30;
                                                                                                                                                                                                    				 *_t244 = r11b;
                                                                                                                                                                                                    				asm("sbb cl, cl");
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				 *((char*)(_t244 + 1)) = 0x118;
                                                                                                                                                                                                    				if (( *_t276 & 0x00000000) != 0) goto 0xb0abacd2;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t244 + 2)) = r11b;
                                                                                                                                                                                                    				_t245 = _t244 + 3;
                                                                                                                                                                                                    				asm("dec ebp");
                                                                                                                                                                                                    				r15d = r15d & 0x000003fe;
                                                                                                                                                                                                    				goto 0xb0abacda;
                                                                                                                                                                                                    				 *((char*)(_t245 + 2)) = 0x31;
                                                                                                                                                                                                    				_t246 = _t245 + 3;
                                                                                                                                                                                                    				r10d = 0;
                                                                                                                                                                                                    				_t279 = _t246;
                                                                                                                                                                                                    				_t247 = _t246 + 1;
                                                                                                                                                                                                    				if (_t138 != r10d) goto 0xb0abaced;
                                                                                                                                                                                                    				 *_t279 = r10b;
                                                                                                                                                                                                    				goto 0xb0abad01;
                                                                                                                                                                                                    				 *_t279 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t261 + 0x30)) + 0x128))))));
                                                                                                                                                                                                    				if (( *_t276 & 0xffffffff) <= 0) goto 0xb0abad9b;
                                                                                                                                                                                                    				if (_t138 - r10d <= 0) goto 0xb0abad4d;
                                                                                                                                                                                                    				_t93 =  ~r9d + r11w;
                                                                                                                                                                                                    				if (_t93 - 0x39 <= 0) goto 0xb0abad37;
                                                                                                                                                                                                    				_t94 = _t93 + 0xffffffff00000087;
                                                                                                                                                                                                    				r12w = r12w + 0xfffc;
                                                                                                                                                                                                    				 *_t247 = _t94;
                                                                                                                                                                                                    				_t248 = _t247 + 1;
                                                                                                                                                                                                    				_t139 = _t138 - 1;
                                                                                                                                                                                                    				if (r12w - r10w >= 0) goto 0xb0abad15;
                                                                                                                                                                                                    				if (r12w - r10w < 0) goto 0xb0abad9b;
                                                                                                                                                                                                    				if (_t94 - 8 <= 0) goto 0xb0abad9b;
                                                                                                                                                                                                    				_t45 = _t248 - 1; // 0x3fc
                                                                                                                                                                                                    				_t196 = _t45;
                                                                                                                                                                                                    				if ( *_t196 == 0x66) goto 0xb0abad77;
                                                                                                                                                                                                    				if ( *_t196 != 0x46) goto 0xb0abad7f;
                                                                                                                                                                                                    				 *_t196 = r11b;
                                                                                                                                                                                                    				_t197 = _t196 - 1;
                                                                                                                                                                                                    				goto 0xb0abad6d;
                                                                                                                                                                                                    				if (_t197 == _t279) goto 0xb0abad98;
                                                                                                                                                                                                    				_t123 =  *_t197;
                                                                                                                                                                                                    				if (_t123 != 0x39) goto 0xb0abad92;
                                                                                                                                                                                                    				 *_t197 = 0xffffffff000000c1;
                                                                                                                                                                                                    				goto 0xb0abad9b;
                                                                                                                                                                                                    				_t124 = _t123 + 1;
                                                                                                                                                                                                    				 *_t197 = _t124;
                                                                                                                                                                                                    				goto 0xb0abad9b;
                                                                                                                                                                                                    				 *((char*)(_t197 - 1)) =  *((char*)(_t197 - 1)) + 1;
                                                                                                                                                                                                    				if (_t139 - r10d <= 0) goto 0xb0abadc2;
                                                                                                                                                                                                    				r8d = _t139;
                                                                                                                                                                                                    				_t95 = E00007FF67FF6B0AAB240(_t94, _t124, r11b, _t248, _t230, 0 >> 4);
                                                                                                                                                                                                    				r9d =  *(_t261 + 0x90);
                                                                                                                                                                                                    				r10d = 0;
                                                                                                                                                                                                    				_t49 = _t270 + 0x30; // 0x30
                                                                                                                                                                                                    				r11d = _t49;
                                                                                                                                                                                                    				_t250 =  ==  ? _t279 : _t248 + 0xffffffff;
                                                                                                                                                                                                    				r9d =  ~r9d;
                                                                                                                                                                                                    				asm("sbb al, al");
                                                                                                                                                                                                    				 *_t250 = (_t95 & 0x000000e0) + 0x70;
                                                                                                                                                                                                    				if ( *_t279 - r10b < 0) goto 0xb0abadf1;
                                                                                                                                                                                                    				 *((char*)(_t250 + 1)) = 0x2b;
                                                                                                                                                                                                    				_t251 = _t250 + 2;
                                                                                                                                                                                                    				goto 0xb0abadfc;
                                                                                                                                                                                                    				 *((char*)(_t251 + 1)) = 0x2d;
                                                                                                                                                                                                    				_t252 = _t251 + 2;
                                                                                                                                                                                                    				_t224 =  ~(( *_t276 >> 0x34) - _t281);
                                                                                                                                                                                                    				_t268 = _t252;
                                                                                                                                                                                                    				 *_t252 = r11b;
                                                                                                                                                                                                    				if (_t224 - 0x3e8 < 0) goto 0xb0abae3e;
                                                                                                                                                                                                    				_t232 = (_t230 >> 7) + (_t230 >> 7 >> 0x3f);
                                                                                                                                                                                                    				_t233 = _t232 * 0xfffffc18;
                                                                                                                                                                                                    				 *_t252 = _t271 + _t232;
                                                                                                                                                                                                    				_t253 = _t252 + 1;
                                                                                                                                                                                                    				_t225 = _t224 + _t233;
                                                                                                                                                                                                    				if (_t253 != _t268) goto 0xb0abae44;
                                                                                                                                                                                                    				if (_t225 - 0x64 < 0) goto 0xb0abae72;
                                                                                                                                                                                                    				_t236 = (_t233 + _t225 >> 6) + (_t233 + _t225 >> 6 >> 0x3f);
                                                                                                                                                                                                    				_t237 = _t236 * 0xffffff9c;
                                                                                                                                                                                                    				 *_t253 = _t271 + _t236;
                                                                                                                                                                                                    				_t254 = _t253 + 1;
                                                                                                                                                                                                    				if (_t254 != _t268) goto 0xb0abae7d;
                                                                                                                                                                                                    				if (_t225 + _t237 - 0xa < 0) goto 0xb0abaea8;
                                                                                                                                                                                                    				 *_t254 = _t271 + (_t237 >> 2) + (_t237 >> 2 >> 0x3f);
                                                                                                                                                                                                    				_t255 = _t254 + 1;
                                                                                                                                                                                                    				 *_t255 = (_t124 & 0x000007ff) + r11b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t255 + 1)) = r10b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t261 + 0x48)) == r10b) goto 0xb0abaec4;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t261 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff6b0abac64
                                                                                                                                                                                                    0x7ff6b0abac66
                                                                                                                                                                                                    0x7ff6b0abac69
                                                                                                                                                                                                    0x7ff6b0abac6c
                                                                                                                                                                                                    0x7ff6b0abac74
                                                                                                                                                                                                    0x7ff6b0abac87
                                                                                                                                                                                                    0x7ff6b0abac8f
                                                                                                                                                                                                    0x7ff6b0abaca3
                                                                                                                                                                                                    0x7ff6b0abaca5
                                                                                                                                                                                                    0x7ff6b0abacb2
                                                                                                                                                                                                    0x7ff6b0abacb4
                                                                                                                                                                                                    0x7ff6b0abacbc
                                                                                                                                                                                                    0x7ff6b0abacc6
                                                                                                                                                                                                    0x7ff6b0abacc9
                                                                                                                                                                                                    0x7ff6b0abacd0
                                                                                                                                                                                                    0x7ff6b0abacd2
                                                                                                                                                                                                    0x7ff6b0abacd6
                                                                                                                                                                                                    0x7ff6b0abacda
                                                                                                                                                                                                    0x7ff6b0abacdd
                                                                                                                                                                                                    0x7ff6b0abace0
                                                                                                                                                                                                    0x7ff6b0abace6
                                                                                                                                                                                                    0x7ff6b0abace8
                                                                                                                                                                                                    0x7ff6b0abaceb
                                                                                                                                                                                                    0x7ff6b0abacfe
                                                                                                                                                                                                    0x7ff6b0abad05
                                                                                                                                                                                                    0x7ff6b0abad18
                                                                                                                                                                                                    0x7ff6b0abad2a
                                                                                                                                                                                                    0x7ff6b0abad32
                                                                                                                                                                                                    0x7ff6b0abad34
                                                                                                                                                                                                    0x7ff6b0abad37
                                                                                                                                                                                                    0x7ff6b0abad3c
                                                                                                                                                                                                    0x7ff6b0abad42
                                                                                                                                                                                                    0x7ff6b0abad45
                                                                                                                                                                                                    0x7ff6b0abad4b
                                                                                                                                                                                                    0x7ff6b0abad51
                                                                                                                                                                                                    0x7ff6b0abad67
                                                                                                                                                                                                    0x7ff6b0abad69
                                                                                                                                                                                                    0x7ff6b0abad69
                                                                                                                                                                                                    0x7ff6b0abad70
                                                                                                                                                                                                    0x7ff6b0abad75
                                                                                                                                                                                                    0x7ff6b0abad77
                                                                                                                                                                                                    0x7ff6b0abad7a
                                                                                                                                                                                                    0x7ff6b0abad7d
                                                                                                                                                                                                    0x7ff6b0abad82
                                                                                                                                                                                                    0x7ff6b0abad84
                                                                                                                                                                                                    0x7ff6b0abad89
                                                                                                                                                                                                    0x7ff6b0abad8e
                                                                                                                                                                                                    0x7ff6b0abad90
                                                                                                                                                                                                    0x7ff6b0abad92
                                                                                                                                                                                                    0x7ff6b0abad94
                                                                                                                                                                                                    0x7ff6b0abad96
                                                                                                                                                                                                    0x7ff6b0abad98
                                                                                                                                                                                                    0x7ff6b0abad9e
                                                                                                                                                                                                    0x7ff6b0abada0
                                                                                                                                                                                                    0x7ff6b0abadab
                                                                                                                                                                                                    0x7ff6b0abadb0
                                                                                                                                                                                                    0x7ff6b0abadbb
                                                                                                                                                                                                    0x7ff6b0abadbe
                                                                                                                                                                                                    0x7ff6b0abadbe
                                                                                                                                                                                                    0x7ff6b0abadc5
                                                                                                                                                                                                    0x7ff6b0abadc9
                                                                                                                                                                                                    0x7ff6b0abadcc
                                                                                                                                                                                                    0x7ff6b0abadd2
                                                                                                                                                                                                    0x7ff6b0abade5
                                                                                                                                                                                                    0x7ff6b0abade7
                                                                                                                                                                                                    0x7ff6b0abadeb
                                                                                                                                                                                                    0x7ff6b0abadef
                                                                                                                                                                                                    0x7ff6b0abadf1
                                                                                                                                                                                                    0x7ff6b0abadf5
                                                                                                                                                                                                    0x7ff6b0abadf9
                                                                                                                                                                                                    0x7ff6b0abae03
                                                                                                                                                                                                    0x7ff6b0abae06
                                                                                                                                                                                                    0x7ff6b0abae09
                                                                                                                                                                                                    0x7ff6b0abae23
                                                                                                                                                                                                    0x7ff6b0abae2a
                                                                                                                                                                                                    0x7ff6b0abae31
                                                                                                                                                                                                    0x7ff6b0abae33
                                                                                                                                                                                                    0x7ff6b0abae36
                                                                                                                                                                                                    0x7ff6b0abae3c
                                                                                                                                                                                                    0x7ff6b0abae42
                                                                                                                                                                                                    0x7ff6b0abae5f
                                                                                                                                                                                                    0x7ff6b0abae66
                                                                                                                                                                                                    0x7ff6b0abae6a
                                                                                                                                                                                                    0x7ff6b0abae6c
                                                                                                                                                                                                    0x7ff6b0abae75
                                                                                                                                                                                                    0x7ff6b0abae7b
                                                                                                                                                                                                    0x7ff6b0abaea0
                                                                                                                                                                                                    0x7ff6b0abaea2
                                                                                                                                                                                                    0x7ff6b0abaeb0
                                                                                                                                                                                                    0x7ff6b0abaeb2
                                                                                                                                                                                                    0x7ff6b0abaeb6
                                                                                                                                                                                                    0x7ff6b0abaebd
                                                                                                                                                                                                    0x7ff6b0abaee4

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer_getptd
                                                                                                                                                                                                    • String ID: 0$gfffffff
                                                                                                                                                                                                    • API String ID: 2834218312-1804767287
                                                                                                                                                                                                    • Opcode ID: 5e0a4473535deda9db7320d224ec572da4a58290ec71d1521485fd4c5be27886
                                                                                                                                                                                                    • Instruction ID: 66bd60c603797e3f375b3fc72579916c71f316fd4aff52580cf924236839e97a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e0a4473535deda9db7320d224ec572da4a58290ec71d1521485fd4c5be27886
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3B12163A083CA57EB218B2C91453AE7F95EB62790F148A71DB5D87BD3DE3DE8508300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF67FF6B0AB3A4C(void* __ebx, void* __ecx, long long __rbx, char* __rcx, void* __rdx, void* __r9, long long _a24) {
                                                                                                                                                                                                    				signed int _v16;
                                                                                                                                                                                                    				char _v24;
                                                                                                                                                                                                    				signed long long _t25;
                                                                                                                                                                                                    				signed long long _t26;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t44 = __r9;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t25 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t26 = _t25 ^ _t40 - 0x00000030;
                                                                                                                                                                                                    				_v16 = _t26;
                                                                                                                                                                                                    				if (__rcx == 0) goto 0xb0ab3ad6;
                                                                                                                                                                                                    				if ( *__rcx == 0) goto 0xb0ab3ad6;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AABBE0(__ecx, __rcx, 0xb0ad2ac8) == 0) goto 0xb0ab3ad6;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AABBE0(__ecx, __rcx, 0xb0ad2ac4) != 0) goto 0xb0ab3ab6;
                                                                                                                                                                                                    				_t4 = _t26 + 8; // 0x8
                                                                                                                                                                                                    				r9d = _t4;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0xb0ab3af3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4984(_t26, 0xb0ad2ac4);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050( *((intOrPtr*)(__rdx + 0x24)), _v16 ^ _t40 - 0x00000030, 0xb0ad2ac4,  &_v24, _t44);
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF6B0AB42E0,?,?,?,?,00000000,00007FF6B0AA8850), ref: 00007FF6B0AB3AA7
                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF6B0AB42E0,?,?,?,?,00000000,00007FF6B0AA8850), ref: 00007FF6B0AB3AE9
                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,?,?,00000000,00007FF6B0AB42E0,?,?,?,?,00000000,00007FF6B0AA8850), ref: 00007FF6B0AB3B0C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                    • Opcode ID: 05857ef6789c705f425dab733761c92d82b1b5cb51473c9fdfa44ed524b23ad1
                                                                                                                                                                                                    • Instruction ID: 5ef15fbfe23a2d49e18a078126e48de1aa8350cc46d1e44c77159e8e9fbb1d00
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05857ef6789c705f425dab733761c92d82b1b5cb51473c9fdfa44ed524b23ad1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74217F23B0C54BB1EA20AB28E4101B96BA0FF447C4F944934DB8DC67A7EF2DE504C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF67FF6B0AA6F3C(intOrPtr* __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int __r9, long long _a8, long long _a16, long long _a24, signed long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				long long* _t71;
                                                                                                                                                                                                    				long long _t79;
                                                                                                                                                                                                    				signed long long _t82;
                                                                                                                                                                                                    				long long _t92;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t88 = __r8;
                                                                                                                                                                                                    				_t84 = __rbp;
                                                                                                                                                                                                    				_t78 = __rdx;
                                                                                                                                                                                                    				_t73 = __rcx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t71 = __rcx;
                                                                                                                                                                                                    				if ((0 | __rcx != _t79) != 0) goto 0xb0aa6f95;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rcx, __rcx, __rdx, __r9, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0aa7093;
                                                                                                                                                                                                    				if (r8d == 4) goto 0xb0aa6fcd;
                                                                                                                                                                                                    				if (r8d == 0) goto 0xb0aa6fcd;
                                                                                                                                                                                                    				if (r8d == 0x40) goto 0xb0aa6fcd;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, _t71, _t73, _t78, __r9, _t84, _t88);
                                                                                                                                                                                                    				goto 0xb0aa7093;
                                                                                                                                                                                                    				if (r8d == 0) goto 0xb0aa6fd8;
                                                                                                                                                                                                    				if (r8d != 0x40) goto 0xb0aa700b;
                                                                                                                                                                                                    				_t69 = __r9 - 2;
                                                                                                                                                                                                    				if (_t69 - 0x7ffffffd <= 0) goto 0xb0aa700b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t69);
                                                                                                                                                                                                    				 *_t69 = 0x16;
                                                                                                                                                                                                    				_v40 = _t79;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t35 = E00007FF67FF6B0AA4430(_t69, _t71, _t73, _t78, __r9, _t84, _t88);
                                                                                                                                                                                                    				goto 0xb0aa7093;
                                                                                                                                                                                                    				_t82 = __r9 & 0xfffffffe;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB4D0(_t35 | 0xffffffff, _t73);
                                                                                                                                                                                                    				E00007FF67FF6B0AA6BCC(_t71, _t71, _t82);
                                                                                                                                                                                                    				E00007FF67FF6B0AB1B24(_t69, _t71);
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) & 0xffffc2f3;
                                                                                                                                                                                                    				if ((r12b & 0x00000004) == 0) goto 0xb0aa704b;
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) | 0x00000004;
                                                                                                                                                                                                    				_a32 = _t82;
                                                                                                                                                                                                    				goto 0xb0aa707c;
                                                                                                                                                                                                    				if (_t71 + 0x20 != _t79) goto 0xb0aa7074;
                                                                                                                                                                                                    				_t42 = E00007FF67FF6B0AAA574(_t55, _t69, _t71, _t82, _t82, _t84);
                                                                                                                                                                                                    				_t92 = _t69;
                                                                                                                                                                                                    				if (_t69 != _t79) goto 0xb0aa706b;
                                                                                                                                                                                                    				 *0xb0ae30c8 =  *0xb0ae30c8 + 1;
                                                                                                                                                                                                    				goto 0xb0aa7089;
                                                                                                                                                                                                    				 *(_t71 + 0x18) =  *(_t71 + 0x18) | 0x00000408;
                                                                                                                                                                                                    				goto 0xb0aa707c;
                                                                                                                                                                                                    				 *(_t71 + 0x18) = _t42 | 0x00000500;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t71 + 0x24)) = 2;
                                                                                                                                                                                                    				 *((long long*)(_t71 + 0x10)) = _t92;
                                                                                                                                                                                                    				 *_t71 = _t92;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t71 + 8)) = 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB560(_t42 | 0x00000500, _t71);
                                                                                                                                                                                                    				return 0xffffffff;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    0x7ff6b0aa6fef
                                                                                                                                                                                                    0x7ff6b0aa6ff4
                                                                                                                                                                                                    0x7ff6b0aa6ff7
                                                                                                                                                                                                    0x7ff6b0aa6ffe
                                                                                                                                                                                                    0x7ff6b0aa7006
                                                                                                                                                                                                    0x7ff6b0aa700b
                                                                                                                                                                                                    0x7ff6b0aa700f
                                                                                                                                                                                                    0x7ff6b0aa7018
                                                                                                                                                                                                    0x7ff6b0aa7020
                                                                                                                                                                                                    0x7ff6b0aa7025
                                                                                                                                                                                                    0x7ff6b0aa7033
                                                                                                                                                                                                    0x7ff6b0aa7038
                                                                                                                                                                                                    0x7ff6b0aa7044
                                                                                                                                                                                                    0x7ff6b0aa7049
                                                                                                                                                                                                    0x7ff6b0aa704e
                                                                                                                                                                                                    0x7ff6b0aa7053
                                                                                                                                                                                                    0x7ff6b0aa7058
                                                                                                                                                                                                    0x7ff6b0aa705e
                                                                                                                                                                                                    0x7ff6b0aa7060
                                                                                                                                                                                                    0x7ff6b0aa7069
                                                                                                                                                                                                    0x7ff6b0aa706b
                                                                                                                                                                                                    0x7ff6b0aa7072
                                                                                                                                                                                                    0x7ff6b0aa7079
                                                                                                                                                                                                    0x7ff6b0aa707c
                                                                                                                                                                                                    0x7ff6b0aa707f
                                                                                                                                                                                                    0x7ff6b0aa7083
                                                                                                                                                                                                    0x7ff6b0aa7086
                                                                                                                                                                                                    0x7ff6b0aa708c
                                                                                                                                                                                                    0x7ff6b0aa70a6

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2310398763-0
                                                                                                                                                                                                    • Opcode ID: c827abf252cecc7df5f4a5742bc49cb4568c02ee89e71d0df796e521da3256ab
                                                                                                                                                                                                    • Instruction ID: c9313fe03029e71f0e0494d2a766af16438bad03b8bf9b6e369e72c5f72faefa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c827abf252cecc7df5f4a5742bc49cb4568c02ee89e71d0df796e521da3256ab
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B41F233E1861256F3259F39A80163F7A90EB80B64F345A31EB6983BD7CE7CE4408A40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF67FF6B0AB3CEC(void* __ecx, void* __edx, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r9, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _v8;
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                                                    				signed int _t85;
                                                                                                                                                                                                    				void* _t105;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				signed long long _t132;
                                                                                                                                                                                                    				signed long long _t155;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t167 = __r9;
                                                                                                                                                                                                    				_t157 = __rbp;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rbp;
                                                                                                                                                                                                    				_t131 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t132 = _t131 ^ _t159 - 0x000000b0;
                                                                                                                                                                                                    				_v24 = _t132;
                                                                                                                                                                                                    				_t134 = __rcx;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(__ecx, __eflags, _t132);
                                                                                                                                                                                                    				_t155 = _t132;
                                                                                                                                                                                                    				_t58 = E00007FF67FF6B0AB3B14(__rcx, __rdx, __r9);
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				_t85 = _t58;
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) != 0) goto 0xb0ab3d64;
                                                                                                                                                                                                    				 *(_t155 + 0x150) = 0;
                                                                                                                                                                                                    				goto 0xb0ab3f59;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5C40(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x148)),  &_v152, _t156, __rbp,  &_v152, __r9) != 0) goto 0xb0ab3e5c;
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0xb0ab3d54;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5C40(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, __rbp,  &_v152, __r9) != 0) goto 0xb0ab3dd4;
                                                                                                                                                                                                    				 *(_t155 + 0x150) =  *(_t155 + 0x150) | 0x00000304;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				goto 0xb0ab3e56;
                                                                                                                                                                                                    				if (( *(_t155 + 0x150) & 0x00000002) != 0) goto 0xb0ab3e5c;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0xb0ab3e2a;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5DF0(_t105, _t132, __rcx,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, __rbp,  *((intOrPtr*)(_t155 + 0x154)), __r9) != 0) goto 0xb0ab3e2a;
                                                                                                                                                                                                    				 *(_t155 + 0x150) =  *(_t155 + 0x150) | 0x00000002;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x164)) = _t85;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA70C0(_t66,  *((intOrPtr*)(_t155 + 0x140))) !=  *((intOrPtr*)(_t155 + 0x154))) goto 0xb0ab3e5c;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				goto 0xb0ab3e5c;
                                                                                                                                                                                                    				_t68 =  *(_t155 + 0x150);
                                                                                                                                                                                                    				if ((_t68 & 0x00000001) != 0) goto 0xb0ab3e5c;
                                                                                                                                                                                                    				if (_t85 ==  *0xb0ad2ab0) goto 0xb0ab3e5c;
                                                                                                                                                                                                    				if (1 - 0xa < 0) goto 0xb0ab3e3d;
                                                                                                                                                                                                    				 *(_t155 + 0x150) = _t68 | 0x00000001;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x164)) = _t85;
                                                                                                                                                                                                    				if (( *(_t155 + 0x150) & 0x00000300) == 0x300) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				r9d = 0x78;
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				if (GetLocaleInfoA(??, ??, ??, ??) == 0) goto 0xb0ab3d54;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5C40(_t105, _t132, _t134,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, _t157,  &_v152, _t167) != 0) goto 0xb0ab3efc;
                                                                                                                                                                                                    				asm("bts dword [edi+0x150], 0x9");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x158)) == 0) goto 0xb0ab3ed9;
                                                                                                                                                                                                    				asm("bts eax, 0x8");
                                                                                                                                                                                                    				goto 0xb0ab3f3d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0xb0ab3f35;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA70C0( *(_t155 + 0x150),  *((intOrPtr*)(_t155 + 0x140))) !=  *((intOrPtr*)(_t155 + 0x154))) goto 0xb0ab3f35;
                                                                                                                                                                                                    				goto 0xb0ab3f23;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x158)) != 0) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x154)) == 0) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB5C40(_t105, _t132, _t134,  *((intOrPtr*)(_t155 + 0x140)),  &_v152, _t156, _t157,  &_v152, _t167) != 0) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				_t49 = _t155 + 0x140; // 0x140
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB3C38(_t85, 0, _t134, _t49, _t167) == 0) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				asm("bts dword [edi+0x150], 0x8");
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t155 + 0x160)) != 0) goto 0xb0ab3f4b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t155 + 0x160)) = _t85;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_t85, _v24 ^ _t159 - 0x000000b0,  &_v152, _t49, _t167);
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale$_getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1743167714-0
                                                                                                                                                                                                    • Opcode ID: 0bc0ce5ffb63eeeb20c95d733831d935c457454a07d1c7dd2c0a88a1cc289cfb
                                                                                                                                                                                                    • Instruction ID: 4cea510967ab4d039c3421e7e13b022586c6886b5f2d8517f486eee73ee0534a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bc0ce5ffb63eeeb20c95d733831d935c457454a07d1c7dd2c0a88a1cc289cfb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98618173B08A8AA7DB699A28D9443F97BA1F788705F504936D75DCB382CF3CE4648700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF67FF6B0AA52E8(void* __edi, void* __esi, intOrPtr* __rax, long long __rbx, signed long long* __rcx, intOrPtr* __rdx, long long __rsi, long long __rbp, signed long long __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                                                                    				intOrPtr* _t79;
                                                                                                                                                                                                    				signed long long _t80;
                                                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                                                    				long long* _t84;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				signed long long _t93;
                                                                                                                                                                                                    				signed long long* _t95;
                                                                                                                                                                                                    				long long _t103;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t97 = __rbp;
                                                                                                                                                                                                    				_t90 = __rdx;
                                                                                                                                                                                                    				_t84 = __rcx;
                                                                                                                                                                                                    				_t77 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t93 = __r8;
                                                                                                                                                                                                    				_t82 = __rdx;
                                                                                                                                                                                                    				_t95 = __rcx;
                                                                                                                                                                                                    				if (__rdx != _t109) goto 0xb0aa531e;
                                                                                                                                                                                                    				if (__r8 == _t109) goto 0xb0aa534e;
                                                                                                                                                                                                    				goto 0xb0aa5323;
                                                                                                                                                                                                    				if (__r8 - _t109 > 0) goto 0xb0aa534a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rdx, __rcx, __rdx, __rcx, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0aa547a;
                                                                                                                                                                                                    				 *_t90 = r14w;
                                                                                                                                                                                                    				if (_t84 == _t109) goto 0xb0aa5356;
                                                                                                                                                                                                    				 *_t84 = _t109;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(__rax,  &_v56, _a48);
                                                                                                                                                                                                    				_t103 = _a40;
                                                                                                                                                                                                    				_t104 =  >  ? _t93 : _t103;
                                                                                                                                                                                                    				_t65 = ( >  ? _t93 : _t103) - 0x7fffffff;
                                                                                                                                                                                                    				if (( >  ? _t93 : _t103) - 0x7fffffff <= 0) goto 0xb0aa53b5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t77);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t77 = 0x16;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t77, _t82,  &_v56, _a48, _t95, _t97,  >  ? _t93 : _t103);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0xb0aa5343;
                                                                                                                                                                                                    				_t78 = _v40;
                                                                                                                                                                                                    				 *(_t78 + 0xc8) =  *(_t78 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aa5343;
                                                                                                                                                                                                    				E00007FF67FF6B0AA50E0(__edi, __esi, r14d, _t82, _t82, __r9, _t93, _t95,  >  ? _t93 : _t103,  &_v56);
                                                                                                                                                                                                    				if (_t78 != 0xffffffff) goto 0xb0aa53f7;
                                                                                                                                                                                                    				if (_t82 == _t109) goto 0xb0aa53d4;
                                                                                                                                                                                                    				 *_t82 = r14w;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t78);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0xb0aa547a;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aa547a;
                                                                                                                                                                                                    				_t79 = _t78 + 1;
                                                                                                                                                                                                    				if (_t82 == _t109) goto 0xb0aa545d;
                                                                                                                                                                                                    				if (_t79 - _t93 <= 0) goto 0xb0aa5457;
                                                                                                                                                                                                    				if (_a40 == 0xffffffff) goto 0xb0aa544f;
                                                                                                                                                                                                    				 *_t82 = r14w;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t79);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t79 = 0x22;
                                                                                                                                                                                                    				_v72 = _t109;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t79, _t82, _v40, __r9, _t95, _t97,  >  ? _t93 : _t103);
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0xb0aa5343;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aa5343;
                                                                                                                                                                                                    				_t80 = _t93;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t82 + _t80 * 2 - 2)) = r14w;
                                                                                                                                                                                                    				if (_t95 == _t109) goto 0xb0aa5465;
                                                                                                                                                                                                    				 *_t95 = _t80;
                                                                                                                                                                                                    				if (_v32 == r14b) goto 0xb0aa5478;
                                                                                                                                                                                                    				 *(_v40 + 0xc8) =  *(_v40 + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0x50;
                                                                                                                                                                                                    			}





















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2310398763-0
                                                                                                                                                                                                    • Opcode ID: 969b6b03ac756c984ef9ddfa99fd8f5d4939811ed42fda2eef39814d5a7e2c3c
                                                                                                                                                                                                    • Instruction ID: b49150fe58176e179037c485a90d84ec02c21b4544fd4f321bd886b18849552d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 969b6b03ac756c984ef9ddfa99fd8f5d4939811ed42fda2eef39814d5a7e2c3c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0341D623A1868252E7608F39E45067E7A60FB847A0F744631EBAC977D6CE7CD4818F08
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: ecc7a25734b82c8a69be3194843af15d0c5e0e132872565f55c5672a604358f9
                                                                                                                                                                                                    • Instruction ID: 189c23973c7710d23419f18629962a4c20a1b9625bacfa05b6f5047f1c866044
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecc7a25734b82c8a69be3194843af15d0c5e0e132872565f55c5672a604358f9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6418323E15482D1EA44ABBAD8522BC2B2CEFC8B44F154931EB4D8B3E7CE18D8458354
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4BBD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4BD9
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C01
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C0A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C20
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C29
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C3F
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C48
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C66
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4C6F
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4CA1
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4CB0
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4D08
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4D28
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,000000FC,00000000,00007FF6B0AABEF0,?,?,?,?,?,00007FF6B0AABF84), ref: 00007FF6B0AB4D41
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeProc$Encode$LibraryLoad
                                                                                                                                                                                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                                                                                    • API String ID: 3085332118-232180764
                                                                                                                                                                                                    • Opcode ID: 3058f658b6c3c431e6a74a0b1d15c72de0f4353170a2b64a36bc1f1c13922d65
                                                                                                                                                                                                    • Instruction ID: 55011f5ffa8dae8bac62bebc148dc751af56277a9075fde7ba97875997000a51
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3058f658b6c3c431e6a74a0b1d15c72de0f4353170a2b64a36bc1f1c13922d65
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84510723F1AB07B0E955EB5EA8146782EA47F85B84F544D35DE0E877A7EE3CE4028310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF67FF6B0AB05C4(void* __eax, signed int __ecx, void* __esi, long long __rdx, void* __r8, signed int _a8, long long _a16, char _a24, char _a32, char _a33) {
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				unsigned int _v96;
                                                                                                                                                                                                    				signed int _v100;
                                                                                                                                                                                                    				intOrPtr _v104;
                                                                                                                                                                                                    				unsigned int _v112;
                                                                                                                                                                                                    				long long _v120;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t237;
                                                                                                                                                                                                    				signed char _t240;
                                                                                                                                                                                                    				signed short _t251;
                                                                                                                                                                                                    				void* _t259;
                                                                                                                                                                                                    				int _t266;
                                                                                                                                                                                                    				void* _t268;
                                                                                                                                                                                                    				signed int _t269;
                                                                                                                                                                                                    				void* _t279;
                                                                                                                                                                                                    				signed int _t286;
                                                                                                                                                                                                    				unsigned int _t287;
                                                                                                                                                                                                    				void* _t289;
                                                                                                                                                                                                    				void* _t290;
                                                                                                                                                                                                    				void* _t291;
                                                                                                                                                                                                    				signed int _t292;
                                                                                                                                                                                                    				void* _t293;
                                                                                                                                                                                                    				signed short _t300;
                                                                                                                                                                                                    				char _t301;
                                                                                                                                                                                                    				char _t302;
                                                                                                                                                                                                    				signed int _t312;
                                                                                                                                                                                                    				signed int _t313;
                                                                                                                                                                                                    				void* _t341;
                                                                                                                                                                                                    				void* _t346;
                                                                                                                                                                                                    				signed short* _t417;
                                                                                                                                                                                                    				intOrPtr _t419;
                                                                                                                                                                                                    				intOrPtr _t424;
                                                                                                                                                                                                    				intOrPtr _t425;
                                                                                                                                                                                                    				long long _t427;
                                                                                                                                                                                                    				char* _t430;
                                                                                                                                                                                                    				intOrPtr* _t432;
                                                                                                                                                                                                    				intOrPtr _t434;
                                                                                                                                                                                                    				intOrPtr* _t440;
                                                                                                                                                                                                    				intOrPtr* _t443;
                                                                                                                                                                                                    				void* _t444;
                                                                                                                                                                                                    				signed short* _t445;
                                                                                                                                                                                                    				signed short* _t446;
                                                                                                                                                                                                    				signed short* _t447;
                                                                                                                                                                                                    				signed char* _t449;
                                                                                                                                                                                                    				signed char* _t450;
                                                                                                                                                                                                    				signed char* _t451;
                                                                                                                                                                                                    				signed char* _t453;
                                                                                                                                                                                                    				signed short* _t457;
                                                                                                                                                                                                    				signed short* _t458;
                                                                                                                                                                                                    				intOrPtr _t461;
                                                                                                                                                                                                    				intOrPtr _t466;
                                                                                                                                                                                                    				char* _t476;
                                                                                                                                                                                                    				long long _t485;
                                                                                                                                                                                                    				signed long long _t487;
                                                                                                                                                                                                    				void* _t488;
                                                                                                                                                                                                    				void* _t492;
                                                                                                                                                                                                    				signed short* _t507;
                                                                                                                                                                                                    				signed short* _t508;
                                                                                                                                                                                                    				intOrPtr* _t511;
                                                                                                                                                                                                    				signed short* _t512;
                                                                                                                                                                                                    				signed short* _t513;
                                                                                                                                                                                                    				signed short* _t516;
                                                                                                                                                                                                    				signed short* _t518;
                                                                                                                                                                                                    				signed long long _t520;
                                                                                                                                                                                                    				void* _t521;
                                                                                                                                                                                                    				void* _t523;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t492 = __r8;
                                                                                                                                                                                                    				_t474 = __rdx;
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = 0xfffffffe;
                                                                                                                                                                                                    				_t417 = __ecx;
                                                                                                                                                                                                    				_t286 = r8d;
                                                                                                                                                                                                    				_v100 = r12d;
                                                                                                                                                                                                    				_v96 = _t286;
                                                                                                                                                                                                    				if (__eax != r12d) goto 0xb0ab0610;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 0;
                                                                                                                                                                                                    				_t237 = E00007FF67FF6B0AA78AC(__ecx);
                                                                                                                                                                                                    				 *__ecx = 9;
                                                                                                                                                                                                    				goto 0xb0ab0d2f;
                                                                                                                                                                                                    				if (_t237 < 0) goto 0xb0ab0d09;
                                                                                                                                                                                                    				_t341 = _t237 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t341 >= 0) goto 0xb0ab0d09;
                                                                                                                                                                                                    				_t520 = __ecx >> 5;
                                                                                                                                                                                                    				_t461 =  *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				_t487 = __ecx * 0x58;
                                                                                                                                                                                                    				if (( *(_t461 + _t487 + 8) & 0x00000001) == 0) goto 0xb0ab0d09;
                                                                                                                                                                                                    				if (_t286 - 0x7fffffff <= 0) goto 0xb0ab0671;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__ecx);
                                                                                                                                                                                                    				_v120 = _a16;
                                                                                                                                                                                                    				_t266 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t266 != 0) goto 0xb0ab0acb;
                                                                                                                                                                                                    				_t268 = E00007FF67FF6B0AA78EC(GetLastError(), _t313);
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				goto 0xb0ab0caf;
                                                                                                                                                                                                    				r12d = _v100;
                                                                                                                                                                                                    				dil = _t268 != _t293;
                                                                                                                                                                                                    				 *((intOrPtr*)(0x7ff6b0a90000 + _t487 + 0x48)) = 0;
                                                                                                                                                                                                    				goto 0xb0ab0caf;
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0ab0b07;
                                                                                                                                                                                                    				if ( *_t518 != 0xa) goto 0xb0ab0b07;
                                                                                                                                                                                                    				 *(0x7ff6b0a90000 + _t487 + 8) =  *(0x7ff6b0a90000 + _t487 + 8) | 0x00000004;
                                                                                                                                                                                                    				goto 0xb0ab0b0c;
                                                                                                                                                                                                    				 *(0x7ff6b0a90000 + _t487 + 8) =  *( *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)) + _t487 + 8) & 0x000000fb;
                                                                                                                                                                                                    				_t457 = _t518;
                                                                                                                                                                                                    				_t512 = _t518;
                                                                                                                                                                                                    				_t523 = _t266 + _t266 + _t518;
                                                                                                                                                                                                    				if (_t518 - _t523 >= 0) goto 0xb0ab0c9d;
                                                                                                                                                                                                    				_t269 =  *_t512 & 0x0000ffff;
                                                                                                                                                                                                    				if (_t269 == 0x1a) goto 0xb0ab0c7b;
                                                                                                                                                                                                    				if (_t269 == 0xd) goto 0xb0ab0b4b;
                                                                                                                                                                                                    				 *_t457 = _t269;
                                                                                                                                                                                                    				_t458 =  &(_t457[1]);
                                                                                                                                                                                                    				_t513 =  &(_t512[1]);
                                                                                                                                                                                                    				goto 0xb0ab0c70;
                                                                                                                                                                                                    				if (_t513 - _t523 - 2 >= 0) goto 0xb0ab0b6f;
                                                                                                                                                                                                    				_t180 =  &(_t513[1]); // 0x2
                                                                                                                                                                                                    				_t440 = _t180;
                                                                                                                                                                                                    				if ( *_t440 != 0xa) goto 0xb0ab0b67;
                                                                                                                                                                                                    				goto 0xb0ab0c29;
                                                                                                                                                                                                    				goto 0xb0ab0c69;
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				_t516 = _t440 + 2;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				if (ReadFile(??, ??, ??, ??, ??) != 0) goto 0xb0ab0baf;
                                                                                                                                                                                                    				if (GetLastError() != 0) goto 0xb0ab0c5d;
                                                                                                                                                                                                    				if (_v104 == 0) goto 0xb0ab0c5d;
                                                                                                                                                                                                    				if (( *( *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)) + _t487 + 8) & 0x00000048) == 0) goto 0xb0ab0c15;
                                                                                                                                                                                                    				if (_a32 == 0xa) goto 0xb0ab0c29;
                                                                                                                                                                                                    				 *_t458 = 0xd;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)) + _t487 + 9)) = _a32;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)) + _t487 + 0x39)) = _a33;
                                                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)) + _t487 + 0x3a)) = 0xa;
                                                                                                                                                                                                    				goto 0xb0ab0c6c;
                                                                                                                                                                                                    				if (_t458 != _t518) goto 0xb0ab0c2e;
                                                                                                                                                                                                    				if (_a32 != 0xa) goto 0xb0ab0c2e;
                                                                                                                                                                                                    				 *_t458 = 0xa;
                                                                                                                                                                                                    				goto 0xb0ab0c6c;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4D74(_t293, _a8,  *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8)), _t458, 0xfffffffe);
                                                                                                                                                                                                    				if (_a32 == 0xa) goto 0xb0ab0c70;
                                                                                                                                                                                                    				goto 0xb0ab0c69;
                                                                                                                                                                                                    				 *_t458 = 0xd;
                                                                                                                                                                                                    				if (_t516 - _t523 < 0) goto 0xb0ab0b27;
                                                                                                                                                                                                    				goto 0xb0ab0c9d;
                                                                                                                                                                                                    				_t443 =  *((intOrPtr*)(0x7ff6b0a90000 + 0x589e0 + _t520 * 8));
                                                                                                                                                                                                    				if (( *(_t443 + _t487 + 8) & 0x00000040) != 0) goto 0xb0ab0c91;
                                                                                                                                                                                                    				 *(_t443 + _t487 + 8) =  *(_t443 + _t487 + 8) | 0x00000002;
                                                                                                                                                                                                    				goto 0xb0ab0c9d;
                                                                                                                                                                                                    				_t458[1] =  *_t516 & 0x0000ffff;
                                                                                                                                                                                                    				r12d = _v100;
                                                                                                                                                                                                    				if (_t518 == _a16) goto 0xb0ab0cbc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				r12d =  ==  ? _t293 - r13d : r12d;
                                                                                                                                                                                                    				goto 0xb0ab0d32;
                                                                                                                                                                                                    				if (GetLastError() != 5) goto 0xb0ab0cef;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t443);
                                                                                                                                                                                                    				 *_t443 = 9;
                                                                                                                                                                                                    				_t279 = E00007FF67FF6B0AA78CC(_t443);
                                                                                                                                                                                                    				 *_t443 = 5;
                                                                                                                                                                                                    				goto 0xb0ab0a0d;
                                                                                                                                                                                                    				if (_t279 != 0x6d) goto 0xb0ab0cf9;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				goto 0xb0ab0ca7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78EC(_t279, _t443);
                                                                                                                                                                                                    				goto 0xb0ab0a0d;
                                                                                                                                                                                                    				goto 0xb0ab0d32;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t443);
                                                                                                                                                                                                    				 *_t443 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t443);
                                                                                                                                                                                                    				 *_t443 = 9;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_v120 = _t485;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t443,  &(_t458[2]), _t518, 0xfffffffe, _t487, _t488, 0x7ff6b0a90000) | 0xffffffff;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0ab071b
                                                                                                                                                                                                    0x7ff6b0ab0726
                                                                                                                                                                                                    0x7ff6b0ab0731
                                                                                                                                                                                                    0x7ff6b0ab0737
                                                                                                                                                                                                    0x7ff6b0ab073e
                                                                                                                                                                                                    0x7ff6b0ab0746
                                                                                                                                                                                                    0x7ff6b0ab074c
                                                                                                                                                                                                    0x7ff6b0ab0758
                                                                                                                                                                                                    0x7ff6b0ab075c
                                                                                                                                                                                                    0x7ff6b0ab075f
                                                                                                                                                                                                    0x7ff6b0ab075f
                                                                                                                                                                                                    0x7ff6b0ab0767
                                                                                                                                                                                                    0x7ff6b0ab076f
                                                                                                                                                                                                    0x7ff6b0ab0779
                                                                                                                                                                                                    0x7ff6b0ab0780
                                                                                                                                                                                                    0x7ff6b0ab0784
                                                                                                                                                                                                    0x7ff6b0ab0786
                                                                                                                                                                                                    0x7ff6b0ab0790
                                                                                                                                                                                                    0x7ff6b0ab079a
                                                                                                                                                                                                    0x7ff6b0ab07a3
                                                                                                                                                                                                    0x7ff6b0ab07ad
                                                                                                                                                                                                    0x7ff6b0ab07b4
                                                                                                                                                                                                    0x7ff6b0ab07b8
                                                                                                                                                                                                    0x7ff6b0ab07ba
                                                                                                                                                                                                    0x7ff6b0ab07bc
                                                                                                                                                                                                    0x7ff6b0ab07c7
                                                                                                                                                                                                    0x7ff6b0ab07cb
                                                                                                                                                                                                    0x7ff6b0ab07ce
                                                                                                                                                                                                    0x7ff6b0ab07e0
                                                                                                                                                                                                    0x7ff6b0ab07e7
                                                                                                                                                                                                    0x7ff6b0ab07f4
                                                                                                                                                                                                    0x7ff6b0ab0801
                                                                                                                                                                                                    0x7ff6b0ab080c
                                                                                                                                                                                                    0x7ff6b0ab081b
                                                                                                                                                                                                    0x7ff6b0ab0828
                                                                                                                                                                                                    0x7ff6b0ab0832
                                                                                                                                                                                                    0x7ff6b0ab083a
                                                                                                                                                                                                    0x7ff6b0ab0841
                                                                                                                                                                                                    0x7ff6b0ab0843
                                                                                                                                                                                                    0x7ff6b0ab0848
                                                                                                                                                                                                    0x7ff6b0ab084a
                                                                                                                                                                                                    0x7ff6b0ab0852
                                                                                                                                                                                                    0x7ff6b0ab0855
                                                                                                                                                                                                    0x7ff6b0ab0858
                                                                                                                                                                                                    0x7ff6b0ab085b
                                                                                                                                                                                                    0x7ff6b0ab0863
                                                                                                                                                                                                    0x7ff6b0ab086e
                                                                                                                                                                                                    0x7ff6b0ab0874
                                                                                                                                                                                                    0x7ff6b0ab087d
                                                                                                                                                                                                    0x7ff6b0ab087f
                                                                                                                                                                                                    0x7ff6b0ab0881
                                                                                                                                                                                                    0x7ff6b0ab0884
                                                                                                                                                                                                    0x7ff6b0ab0887
                                                                                                                                                                                                    0x7ff6b0ab0897
                                                                                                                                                                                                    0x7ff6b0ab0899
                                                                                                                                                                                                    0x7ff6b0ab0899
                                                                                                                                                                                                    0x7ff6b0ab08a1
                                                                                                                                                                                                    0x7ff6b0ab08a7
                                                                                                                                                                                                    0x7ff6b0ab08af
                                                                                                                                                                                                    0x7ff6b0ab08c1
                                                                                                                                                                                                    0x7ff6b0ab08cd
                                                                                                                                                                                                    0x7ff6b0ab08d3
                                                                                                                                                                                                    0x7ff6b0ab08d6
                                                                                                                                                                                                    0x7ff6b0ab08e3
                                                                                                                                                                                                    0x7ff6b0ab08ed
                                                                                                                                                                                                    0x7ff6b0ab08f3
                                                                                                                                                                                                    0x7ff6b0ab0909
                                                                                                                                                                                                    0x7ff6b0ab0913
                                                                                                                                                                                                    0x7ff6b0ab0915
                                                                                                                                                                                                    0x7ff6b0ab0918
                                                                                                                                                                                                    0x7ff6b0ab0927
                                                                                                                                                                                                    0x7ff6b0ab092b
                                                                                                                                                                                                    0x7ff6b0ab0930
                                                                                                                                                                                                    0x7ff6b0ab093a
                                                                                                                                                                                                    0x7ff6b0ab093c
                                                                                                                                                                                                    0x7ff6b0ab093f
                                                                                                                                                                                                    0x7ff6b0ab0948
                                                                                                                                                                                                    0x7ff6b0ab0952
                                                                                                                                                                                                    0x7ff6b0ab0966
                                                                                                                                                                                                    0x7ff6b0ab0968
                                                                                                                                                                                                    0x7ff6b0ab0971
                                                                                                                                                                                                    0x7ff6b0ab0974
                                                                                                                                                                                                    0x7ff6b0ab097c
                                                                                                                                                                                                    0x7ff6b0ab0982
                                                                                                                                                                                                    0x7ff6b0ab0984
                                                                                                                                                                                                    0x7ff6b0ab0991
                                                                                                                                                                                                    0x7ff6b0ab0993
                                                                                                                                                                                                    0x7ff6b0ab0998
                                                                                                                                                                                                    0x7ff6b0ab099e
                                                                                                                                                                                                    0x7ff6b0ab09ac
                                                                                                                                                                                                    0x7ff6b0ab09b4
                                                                                                                                                                                                    0x7ff6b0ab09ba
                                                                                                                                                                                                    0x7ff6b0ab09c0
                                                                                                                                                                                                    0x7ff6b0ab09c6
                                                                                                                                                                                                    0x7ff6b0ab09c8
                                                                                                                                                                                                    0x7ff6b0ab09cb
                                                                                                                                                                                                    0x7ff6b0ab09d0
                                                                                                                                                                                                    0x7ff6b0ab09d3
                                                                                                                                                                                                    0x7ff6b0ab09d8
                                                                                                                                                                                                    0x7ff6b0ab09dd
                                                                                                                                                                                                    0x7ff6b0ab09df
                                                                                                                                                                                                    0x7ff6b0ab09e2
                                                                                                                                                                                                    0x7ff6b0ab09f0
                                                                                                                                                                                                    0x7ff6b0ab0a00
                                                                                                                                                                                                    0x7ff6b0ab0a02
                                                                                                                                                                                                    0x7ff6b0ab0a07
                                                                                                                                                                                                    0x7ff6b0ab0a0d
                                                                                                                                                                                                    0x7ff6b0ab0a11
                                                                                                                                                                                                    0x7ff6b0ab0a1a
                                                                                                                                                                                                    0x7ff6b0ab0a22
                                                                                                                                                                                                    0x7ff6b0ab0a24
                                                                                                                                                                                                    0x7ff6b0ab0a31
                                                                                                                                                                                                    0x7ff6b0ab0a33
                                                                                                                                                                                                    0x7ff6b0ab0a39
                                                                                                                                                                                                    0x7ff6b0ab0a3d
                                                                                                                                                                                                    0x7ff6b0ab0a4c
                                                                                                                                                                                                    0x7ff6b0ab0a53
                                                                                                                                                                                                    0x7ff6b0ab0a62
                                                                                                                                                                                                    0x7ff6b0ab0a6c
                                                                                                                                                                                                    0x7ff6b0ab0a77
                                                                                                                                                                                                    0x7ff6b0ab0a7d
                                                                                                                                                                                                    0x7ff6b0ab0a8e
                                                                                                                                                                                                    0x7ff6b0ab0a93
                                                                                                                                                                                                    0x7ff6b0ab0a99
                                                                                                                                                                                                    0x7ff6b0ab0aa4
                                                                                                                                                                                                    0x7ff6b0ab0aa9
                                                                                                                                                                                                    0x7ff6b0ab0ab3
                                                                                                                                                                                                    0x7ff6b0ab0abd
                                                                                                                                                                                                    0x7ff6b0ab0ac2
                                                                                                                                                                                                    0x7ff6b0ab0ac6
                                                                                                                                                                                                    0x7ff6b0ab0acb
                                                                                                                                                                                                    0x7ff6b0ab0ae1

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: edecc77121cc5808f797c38e0de8add454756a7ebf3f8fd74126f6dce199133d
                                                                                                                                                                                                    • Instruction ID: d9c386711e84aeed6617ca599d511a8fea293ff36aa06d07ecdd7400a74da0ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: edecc77121cc5808f797c38e0de8add454756a7ebf3f8fd74126f6dce199133d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5922E423A0C68AA6E7619B1C94847BD7F91BB81790F588A35CB5E937D7DF2CE444C302
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                    			E00007FF67FF6B0AA9D48(void* __ebx, void* __ecx, void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, signed int* __r9) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				intOrPtr _t155;
                                                                                                                                                                                                    				void* _t160;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				signed int _t162;
                                                                                                                                                                                                    				void* _t207;
                                                                                                                                                                                                    				void* _t208;
                                                                                                                                                                                                    				signed int* _t213;
                                                                                                                                                                                                    				long long _t214;
                                                                                                                                                                                                    				signed int _t220;
                                                                                                                                                                                                    				intOrPtr _t222;
                                                                                                                                                                                                    				signed int* _t223;
                                                                                                                                                                                                    				void* _t271;
                                                                                                                                                                                                    				intOrPtr* _t272;
                                                                                                                                                                                                    				intOrPtr* _t273;
                                                                                                                                                                                                    				void* _t275;
                                                                                                                                                                                                    				signed int* _t276;
                                                                                                                                                                                                    				void* _t280;
                                                                                                                                                                                                    				long long _t281;
                                                                                                                                                                                                    				intOrPtr* _t283;
                                                                                                                                                                                                    				signed int* _t285;
                                                                                                                                                                                                    				void* _t288;
                                                                                                                                                                                                    				void* _t289;
                                                                                                                                                                                                    				void* _t307;
                                                                                                                                                                                                    				long long _t308;
                                                                                                                                                                                                    				void* _t310;
                                                                                                                                                                                                    				void* _t315;
                                                                                                                                                                                                    				signed int* _t316;
                                                                                                                                                                                                    				void* _t318;
                                                                                                                                                                                                    				signed int* _t320;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t207 = __rax;
                                                                                                                                                                                                    				_t159 = __edi;
                                                                                                                                                                                                    				_t152 = __ecx;
                                                                                                                                                                                                    				 *((long long*)(_t288 + 0x20)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t288 + 0x18)) = __r8;
                                                                                                                                                                                                    				 *((long long*)(_t288 + 0x10)) = __rdx;
                                                                                                                                                                                                    				_t289 = _t288 - 0xa0;
                                                                                                                                                                                                    				_t222 =  *((intOrPtr*)(_t289 + 0x100));
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				_t308 = __rdx;
                                                                                                                                                                                                    				_t272 = __rcx;
                                                                                                                                                                                                    				_t316 = __r9;
                                                                                                                                                                                                    				_t281 = __r8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0x60)) = r15b;
                                                                                                                                                                                                    				r14b = r15b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0xe0)) = r15b;
                                                                                                                                                                                                    				_t160 = E00007FF67FF6B0AB2548(_t222, __r9);
                                                                                                                                                                                                    				E00007FF67FF6B0AA71FC(__edi, _t207, _t222, __rdx, _t316, _t275, _t281, _t222, _t289 + 0x78, _t320, _t318);
                                                                                                                                                                                                    				if (_t160 - E00007FF67FF6B0AB25C0(_t207, __rdx, _t222) <= 0) goto 0xb0aa9de8;
                                                                                                                                                                                                    				r9d = _t160;
                                                                                                                                                                                                    				E00007FF67FF6B0AB2578(_t106, _t289 + 0x78, _t222);
                                                                                                                                                                                                    				r9d = _t160;
                                                                                                                                                                                                    				E00007FF67FF6B0AB2584(_t207, _t222, _t308, _t222, _t315);
                                                                                                                                                                                                    				goto 0xb0aa9df2;
                                                                                                                                                                                                    				_t161 = E00007FF67FF6B0AB25C0(_t207, _t308, _t222);
                                                                                                                                                                                                    				if (_t161 - 0xffffffff < 0) goto 0xb0aa9dfc;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)(_t222 + 4)) < 0) goto 0xb0aa9e01;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t207);
                                                                                                                                                                                                    				if ( *_t272 != 0xe06d7363) goto 0xb0aaa258;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t272 + 0x18)) != 4) goto 0xb0aa9fc7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t272 + 0x20)) == 0x19930520) goto 0xb0aa9e36;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t272 + 0x20)) == 0x19930521) goto 0xb0aa9e36;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t272 + 0x20)) != 0x19930522) goto 0xb0aa9fc7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t272 + 0x30)) != _t320) goto 0xb0aa9fc7;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *((intOrPtr*)(_t272 + 0x30)) - _t320, _t207);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t207 + 0xf0)) == _t320) goto 0xb0aaa23d;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *((intOrPtr*)(_t207 + 0xf0)) - _t320, _t207);
                                                                                                                                                                                                    				_t273 =  *((intOrPtr*)(_t207 + 0xf0));
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *((intOrPtr*)(_t207 + 0xf0)) - _t320, _t207);
                                                                                                                                                                                                    				 *((char*)(_t289 + 0x60)) = 1;
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0xf0)) =  *((intOrPtr*)(_t207 + 0xf8));
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB4658(E00007FF67FF6B0AA7334(_t207,  *((intOrPtr*)(_t273 + 0x38))), _t273) != r15d) goto 0xb0aa9e97;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t207);
                                                                                                                                                                                                    				if ( *_t273 != 0xe06d7363) goto 0xb0aa9ecb;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x18)) != 4) goto 0xb0aa9ecb;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930520) goto 0xb0aa9ec0;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930521) goto 0xb0aa9ec0;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) != 0x19930522) goto 0xb0aa9ecb;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x30)) != _t320) goto 0xb0aa9ecb;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t207);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *((intOrPtr*)(_t273 + 0x30)) - _t320, _t207);
                                                                                                                                                                                                    				if ( *(_t207 + 0x108) == _t320) goto 0xb0aa9fc7;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *(_t207 + 0x108) - _t320, _t207);
                                                                                                                                                                                                    				_t283 =  *(_t207 + 0x108);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t152,  *(_t207 + 0x108) - _t320, _t207);
                                                                                                                                                                                                    				 *(_t207 + 0x108) = _t320;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA9468(_t207, _t222, _t273, _t283, _t275, _t283) != r15b) goto 0xb0aa9fbf;
                                                                                                                                                                                                    				r12d = r15d;
                                                                                                                                                                                                    				if ( *_t283 - r15d <= 0) goto 0xb0aa9f67;
                                                                                                                                                                                                    				_t276 = _t320;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t207);
                                                                                                                                                                                                    				_t208 = _t207 + _t276;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t283 + 4)) + _t208 + 4)) == r15d) goto 0xb0aa9f43;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t208);
                                                                                                                                                                                                    				_t223 =  *((intOrPtr*)( *((intOrPtr*)(_t283 + 4)) + _t208 + _t276 + 4));
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t208 + _t276);
                                                                                                                                                                                                    				goto 0xb0aa9f46;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA45C0(_t320, 0xb0ae0408) != r15b) goto 0xb0aa9f6d;
                                                                                                                                                                                                    				r12d = r12d + 1;
                                                                                                                                                                                                    				if (r12d -  *_t283 < 0) goto 0xb0aa9f15;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0124(r12d -  *_t283, _t320);
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _t273);
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0xe0)) = "bad exception";
                                                                                                                                                                                                    				E00007FF67FF6B0AA40EC(_t223, _t289 + 0x88, _t289 + 0xe0,  &(_t276[5]), _t307);
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x88)) = 0xb0ad0da8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7168(_t320, _t223, _t289 + 0x88, 0xb0ade0e0, _t271);
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				if ( *_t273 != 0xe06d7363) goto 0xb0aaa258;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x18)) != 4) goto 0xb0aaa258;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930520) goto 0xb0aa9ffc;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) == 0x19930521) goto 0xb0aa9ffc;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t273 + 0x20)) != 0x19930522) goto 0xb0aaa258;
                                                                                                                                                                                                    				if (_t223[3] - r15d <= 0) goto 0xb0aaa18a;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t289 + 0x110));
                                                                                                                                                                                                    				 *(_t289 + 0x30) = _t316;
                                                                                                                                                                                                    				 *(_t289 + 0x28) = _t289 + 0x68;
                                                                                                                                                                                                    				_t213 = _t289 + 0x64;
                                                                                                                                                                                                    				r9d = _t161;
                                                                                                                                                                                                    				 *(_t289 + 0x20) = _t213;
                                                                                                                                                                                                    				E00007FF67FF6B0AA757C(__ebx, _t223, _t223,  &(_t276[5]));
                                                                                                                                                                                                    				_t285 = _t213;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t289 + 0x64)) -  *((intOrPtr*)(_t289 + 0x68)) >= 0) goto 0xb0aaa18a;
                                                                                                                                                                                                    				if ( *_t285 - _t161 > 0) goto 0xb0aaa16f;
                                                                                                                                                                                                    				if (_t161 - _t285[1] > 0) goto 0xb0aaa16f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t213);
                                                                                                                                                                                                    				r14d = _t285[3];
                                                                                                                                                                                                    				_t310 = _t213 + _t285[4];
                                                                                                                                                                                                    				if (r14d - r15d <= 0) goto 0xb0aaa157;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7300(_t213);
                                                                                                                                                                                                    				_t214 = _t213 +  *((intOrPtr*)( *((intOrPtr*)(_t273 + 0x30)) + 0xc)) + 4;
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x70)) = _t214;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7300(_t214);
                                                                                                                                                                                                    				r15d =  *((intOrPtr*)(_t214 +  *((intOrPtr*)( *((intOrPtr*)(_t273 + 0x30)) + 0xc))));
                                                                                                                                                                                                    				goto 0xb0aaa0d1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7300(_t214);
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x80)) = _t214 +  *((intOrPtr*)( *((intOrPtr*)(_t289 + 0x70))));
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA90E0(_t223, _t310, _t214 +  *((intOrPtr*)( *((intOrPtr*)(_t289 + 0x70)))), _t273,  &(_t276[5]),  *((intOrPtr*)(_t273 + 0x30))) != 0) goto 0xb0aaa0e2;
                                                                                                                                                                                                    				r15d = r15d - 1;
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x70)) =  *((long long*)(_t289 + 0x70)) + 4;
                                                                                                                                                                                                    				if (r15d > 0) goto 0xb0aaa09d;
                                                                                                                                                                                                    				r14d = r14d - 1;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				goto 0xb0aaa06a;
                                                                                                                                                                                                    				r14b = 1;
                                                                                                                                                                                                    				 *((char*)(_t289 + 0x58)) =  *((intOrPtr*)(_t289 + 0x108));
                                                                                                                                                                                                    				 *((char*)(_t289 + 0x50)) =  *((intOrPtr*)(_t289 + 0x60));
                                                                                                                                                                                                    				 *((long long*)(_t289 + 0x48)) =  *((intOrPtr*)(_t289 + 0x118));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0xe0)) = r14b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0x40)) =  *((intOrPtr*)(_t289 + 0x110));
                                                                                                                                                                                                    				 *(_t289 + 0x38) = _t285;
                                                                                                                                                                                                    				 *(_t289 + 0x30) =  *((intOrPtr*)(_t289 + 0x80));
                                                                                                                                                                                                    				 *(_t289 + 0x28) = _t310 + 0x14;
                                                                                                                                                                                                    				 *(_t289 + 0x20) = _t223;
                                                                                                                                                                                                    				E00007FF67FF6B0AA9A40( *((intOrPtr*)(_t289 + 0x64)), _t159, _t223, _t273,  *((intOrPtr*)(_t289 + 0xe8)), _t285,  *((intOrPtr*)(_t289 + 0xf0)), _t316);
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				goto 0xb0aaa167;
                                                                                                                                                                                                    				r14b =  *((intOrPtr*)(_t289 + 0xe0));
                                                                                                                                                                                                    				_t155 =  *((intOrPtr*)(_t289 + 0x64)) + 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t289 + 0x64)) = _t155;
                                                                                                                                                                                                    				if (_t155 -  *((intOrPtr*)(_t289 + 0x68)) < 0) goto 0xb0aaa048;
                                                                                                                                                                                                    				if (r14b != r15b) goto 0xb0aaa22a;
                                                                                                                                                                                                    				if (( *_t223 & 0x1fffffff) - 0x19930521 < 0) goto 0xb0aaa22a;
                                                                                                                                                                                                    				_t162 = _t223[8];
                                                                                                                                                                                                    				if (_t162 == r15d) goto 0xb0aaa1b1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8( *((intOrPtr*)(_t289 + 0x80)));
                                                                                                                                                                                                    				goto 0xb0aaa1b4;
                                                                                                                                                                                                    				if (_t320 == _t320) goto 0xb0aaa22a;
                                                                                                                                                                                                    				if (_t162 == r15d) goto 0xb0aaa1cf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t320);
                                                                                                                                                                                                    				_t220 = _t223[8];
                                                                                                                                                                                                    				goto 0xb0aaa1d2;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA9468(_t220, _t223, _t273, _t320, _t162,  &(_t285[5])) != r15b) goto 0xb0aaa22a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA71FC(_t159, _t220, _t223,  *((intOrPtr*)(_t289 + 0xe8)), _t316, _t162,  &(_t285[5]), _t223, _t289 + 0xe0, _t275, _t280);
                                                                                                                                                                                                    				 *((char*)(_t289 + 0x40)) =  *((intOrPtr*)(_t289 + 0x108));
                                                                                                                                                                                                    				 *(_t289 + 0x38) = _t316;
                                                                                                                                                                                                    				 *(_t289 + 0x30) = _t223;
                                                                                                                                                                                                    				 *(_t289 + 0x28) =  *(_t289 + 0x28) | 0xffffffff;
                                                                                                                                                                                                    				 *(_t289 + 0x20) = _t320;
                                                                                                                                                                                                    				E00007FF67FF6B0AA777C(_t223,  *((intOrPtr*)(_t289 + 0xe8)), _t273, _t162,  &(_t285[5]),  *((intOrPtr*)(_t289 + 0xf0)), _t220);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C( *((intOrPtr*)(_t289 + 0x108)), E00007FF67FF6B0AA9468(_t220, _t223, _t273, _t320, _t162,  &(_t285[5])) - r15b, _t220);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t220 + 0x108)) == _t320) goto 0xb0aaa23d;
                                                                                                                                                                                                    				return E00007FF67FF6B0AB0148(_t220);
                                                                                                                                                                                                    			}





































APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$BlockUnwind$BaseEntryExceptionFunctionImageLookupRaiseThrow
                                                                                                                                                                                                    • String ID: bad exception$csm$csm$csm
                                                                                                                                                                                                    • API String ID: 2351602029-820278400
                                                                                                                                                                                                    • Opcode ID: 9879b71105d79e3faefd726c5ecf8e7106465e3219339e0629f894a23453c9a7
                                                                                                                                                                                                    • Instruction ID: 94e98bcf1530be86af13d999a44e8bdbc72af7302560363afc23481041a92089
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9879b71105d79e3faefd726c5ecf8e7106465e3219339e0629f894a23453c9a7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BE17233A08782A6DA709B29A4802BE6BA4FB54784F644935DF8D87BD7DF3CE4558700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF67FF6B0A9B470(long long __rdx, void* __r8, long long _a16, intOrPtr* _a40, intOrPtr* _a48, intOrPtr* _a56) {
                                                                                                                                                                                                    				char _v56;
                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                    				intOrPtr _v80;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				intOrPtr _t31;
                                                                                                                                                                                                    				intOrPtr* _t36;
                                                                                                                                                                                                    				long long* _t37;
                                                                                                                                                                                                    				intOrPtr* _t38;
                                                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                                                    				long long* _t42;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				void* _t54;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_t36 = _a48;
                                                                                                                                                                                                    				_t37 =  &_v72;
                                                                                                                                                                                                    				_t42 =  &_v56;
                                                                                                                                                                                                    				 *_t37 =  *_t36;
                                                                                                                                                                                                    				 *((long long*)(_t37 + 8)) =  *((intOrPtr*)(_t36 + 8));
                                                                                                                                                                                                    				_t38 = _a40;
                                                                                                                                                                                                    				 *_t42 =  *_t38;
                                                                                                                                                                                                    				 *((long long*)(_t42 + 8)) =  *((intOrPtr*)(_t38 + 8));
                                                                                                                                                                                                    				E00007FF67FF6B0A9BC70( &_v88, __r8, _t44, _t46,  &_v56,  &_v72, __rdx, _t54, _t55);
                                                                                                                                                                                                    				if ( *((long long*)(__r8 + 0x38)) != 0) goto 0xb0a9b5e3;
                                                                                                                                                                                                    				_t31 = _v88;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffc) goto 0xb0a9b4f7;
                                                                                                                                                                                                    				if (_t31 == 0) goto 0xb0a9b4f2;
                                                                                                                                                                                                    				if (_t31 ==  *_t36) goto 0xb0a9b4f7;
                                                                                                                                                                                                    				_t21 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_v80 !=  *((intOrPtr*)(_t36 + 8))) goto 0xb0a9b528;
                                                                                                                                                                                                    				_t40 = _a56;
                                                                                                                                                                                                    				 *((long long*)(__rdx)) =  *_t40;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(_t40 + 8));
                                                                                                                                                                                                    				return _t21;
                                                                                                                                                                                                    			}


APIs
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: c1a07d890f2d1985cc669972f8e1ed61626581fff1d6e9b679634fa50c2043ac
                                                                                                                                                                                                    • Instruction ID: a69cb50c110806d0b64a2d994984211fba2de65e7ae8ee462b88d605d5486888
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1a07d890f2d1985cc669972f8e1ed61626581fff1d6e9b679634fa50c2043ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34B17023729A4691DB609F1DE180279B7A0FB88BA8F584631DB9D877E6DF3DE441C310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF67FF6B0AC8E80(void* __ebx, void* __edx, signed int __ebp, long long __rbx, void* __rcx, void* __rdx, long long __rsi) {
                                                                                                                                                                                                    				void* _t106;
                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                    				long long* _t143;
                                                                                                                                                                                                    				long long _t148;
                                                                                                                                                                                                    				intOrPtr* _t153;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t172;
                                                                                                                                                                                                    				long long _t175;
                                                                                                                                                                                                    				long long _t177;
                                                                                                                                                                                                    				intOrPtr _t178;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				void* _t181;
                                                                                                                                                                                                    				intOrPtr* _t182;
                                                                                                                                                                                                    				intOrPtr _t183;
                                                                                                                                                                                                    				long long _t185;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				intOrPtr _t190;
                                                                                                                                                                                                    				void* _t193;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				void* _t207;
                                                                                                                                                                                                    				long long _t208;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t106 = __edx;
                                                                                                                                                                                                    				_t140 = _t193;
                                                                                                                                                                                                    				_t194 = _t193 - 0xa0;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x30)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x18)) = _t185;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t207 = __rdx;
                                                                                                                                                                                                    				_t181 = __rcx;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0xb0ac9173;
                                                                                                                                                                                                    				if (r8d == 0) goto 0xb0ac9173;
                                                                                                                                                                                                    				_t153 = __rcx + 0x210;
                                                                                                                                                                                                    				_t186 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t186 <= 0) goto 0xb0ac8ed5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *_t153;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t186;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) =  *(_t194 + 0xc8) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A9D1A0(_t106, _t153, _t153, _t194 + 0x60, __rcx, __rdx, __rdx + _t172);
                                                                                                                                                                                                    				_t143 =  *((intOrPtr*)(_t153 + 0x20)) -  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t143 - 3 >= 0) goto 0xb0ac8f30;
                                                                                                                                                                                                    				goto 0xb0ac9175;
                                                                                                                                                                                                    				_t112 =  *(_t181 + 0x2a4) * __ebp;
                                                                                                                                                                                                    				 *(_t194 + 0xc8) = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t143, _t153);
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				if (_t143 == 0) goto 0xb0ac8f5b;
                                                                                                                                                                                                    				 *_t143 = _t194 + 0x70;
                                                                                                                                                                                                    				goto 0xb0ac8f5e;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x70)) = _t208;
                                                                                                                                                                                                    				r12d =  *(_t181 + 0x2a4) * __ebp;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t208, _t153, _t194 + 0x70, _t194 + 0x60, _t181, _t194 + 0xc8);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x90)) !=  *((intOrPtr*)(_t194 + 0x88))) goto 0xb0ac8f9d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x20)) !=  *((intOrPtr*)(_t153 + 0x18))) goto 0xb0ac8fac;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((intOrPtr*)(_t194 + 0x20)) = r13d;
                                                                                                                                                                                                    				r9d = __ebp;
                                                                                                                                                                                                    				E00007FF67FF6B0AC77F0(_t181 + 0x20,  *((intOrPtr*)(_t153 + 0x18)), _t181,  *((intOrPtr*)(_t194 + 0x88)));
                                                                                                                                                                                                    				_t175 =  *((intOrPtr*)(_t181 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t181 + 0x258)) - _t175 <= 0) goto 0xb0ac8fd9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x60)) =  *((intOrPtr*)(_t181 + 0x240));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x68)) = _t175;
                                                                                                                                                                                                    				_t148 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) - _t148 <= 0) goto 0xb0ac9017;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t177 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t148;
                                                                                                                                                                                                    				if (_t177 -  *((intOrPtr*)(_t194 + 0x90)) <= 0) goto 0xb0ac9035;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x50)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x58)) = _t177;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) =  *(_t194 + 0xc8) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A99750(_t112, _t153, _t181 + 0x240, _t194 + 0x60, _t181, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				_t178 =  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t178 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0xb0ac9096;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t182 =  *_t153;
                                                                                                                                                                                                    				if (_t182 != 0) goto 0xb0ac90a8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0ac90ab;
                                                                                                                                                                                                    				_t179 = _t178 + _t207;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)( *_t182 + 0x20)) > 0) goto 0xb0ac90c7;
                                                                                                                                                                                                    				if (_t182 == 0) goto 0xb0ac90be;
                                                                                                                                                                                                    				goto 0xb0ac90c1;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)(_t208 + 0x18)) >= 0) goto 0xb0ac90cc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t183 =  *((intOrPtr*)(_t153 + 0x18));
                                                                                                                                                                                                    				if (_t183 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0xb0ac90db;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t153 == 0) goto 0xb0ac90ec;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t183 > 0) goto 0xb0ac90ec;
                                                                                                                                                                                                    				if (_t183 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0xb0ac90f1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t190 =  *_t153;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 0x18)) - _t179 > 0) goto 0xb0ac9100;
                                                                                                                                                                                                    				if (_t179 -  *((intOrPtr*)(_t153 + 0x20)) <= 0) goto 0xb0ac9105;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t190 == 0) goto 0xb0ac910f;
                                                                                                                                                                                                    				if (_t190 ==  *_t153) goto 0xb0ac9114;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t183 == _t179) goto 0xb0ac913b;
                                                                                                                                                                                                    				_t171 =  *((intOrPtr*)(_t153 + 0x20)) - _t179;
                                                                                                                                                                                                    				if (_t171 <= 0) goto 0xb0ac9137;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4070(_t183, _t171, _t179, _t171);
                                                                                                                                                                                                    				 *((long long*)(_t153 + 0x20)) = _t171 + _t183;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) == 0) goto 0xb0ac914d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t208, _t153,  *((intOrPtr*)(_t194 + 0x88)), _t171, _t183, _t179, _t171);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t208;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t208;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t208;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t208, _t153,  *((intOrPtr*)(_t194 + 0x70)), _t171, _t183, _t179, _t171);
                                                                                                                                                                                                    				goto 0xb0ac9175;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}
























                                                                                                                                                                                                    0x7ff6b0ac8fe5
                                                                                                                                                                                                    0x7ff6b0ac8fea
                                                                                                                                                                                                    0x7ff6b0ac9000
                                                                                                                                                                                                    0x7ff6b0ac9002
                                                                                                                                                                                                    0x7ff6b0ac900f
                                                                                                                                                                                                    0x7ff6b0ac901c
                                                                                                                                                                                                    0x7ff6b0ac9021
                                                                                                                                                                                                    0x7ff6b0ac9029
                                                                                                                                                                                                    0x7ff6b0ac902b
                                                                                                                                                                                                    0x7ff6b0ac9035
                                                                                                                                                                                                    0x7ff6b0ac903a
                                                                                                                                                                                                    0x7ff6b0ac903f
                                                                                                                                                                                                    0x7ff6b0ac9044
                                                                                                                                                                                                    0x7ff6b0ac904a
                                                                                                                                                                                                    0x7ff6b0ac904f
                                                                                                                                                                                                    0x7ff6b0ac9055
                                                                                                                                                                                                    0x7ff6b0ac905a
                                                                                                                                                                                                    0x7ff6b0ac9068
                                                                                                                                                                                                    0x7ff6b0ac9082
                                                                                                                                                                                                    0x7ff6b0ac9087
                                                                                                                                                                                                    0x7ff6b0ac908f
                                                                                                                                                                                                    0x7ff6b0ac9091
                                                                                                                                                                                                    0x7ff6b0ac9096
                                                                                                                                                                                                    0x7ff6b0ac909c
                                                                                                                                                                                                    0x7ff6b0ac909e
                                                                                                                                                                                                    0x7ff6b0ac90a6
                                                                                                                                                                                                    0x7ff6b0ac90ab
                                                                                                                                                                                                    0x7ff6b0ac90b2
                                                                                                                                                                                                    0x7ff6b0ac90b7
                                                                                                                                                                                                    0x7ff6b0ac90bc
                                                                                                                                                                                                    0x7ff6b0ac90c5
                                                                                                                                                                                                    0x7ff6b0ac90c7
                                                                                                                                                                                                    0x7ff6b0ac90cc
                                                                                                                                                                                                    0x7ff6b0ac90d4
                                                                                                                                                                                                    0x7ff6b0ac90d6
                                                                                                                                                                                                    0x7ff6b0ac90de
                                                                                                                                                                                                    0x7ff6b0ac90e4
                                                                                                                                                                                                    0x7ff6b0ac90ea
                                                                                                                                                                                                    0x7ff6b0ac90ec
                                                                                                                                                                                                    0x7ff6b0ac90f1
                                                                                                                                                                                                    0x7ff6b0ac90f8
                                                                                                                                                                                                    0x7ff6b0ac90fe
                                                                                                                                                                                                    0x7ff6b0ac9100
                                                                                                                                                                                                    0x7ff6b0ac9108
                                                                                                                                                                                                    0x7ff6b0ac910d
                                                                                                                                                                                                    0x7ff6b0ac910f
                                                                                                                                                                                                    0x7ff6b0ac9117
                                                                                                                                                                                                    0x7ff6b0ac911d
                                                                                                                                                                                                    0x7ff6b0ac9127
                                                                                                                                                                                                    0x7ff6b0ac9132
                                                                                                                                                                                                    0x7ff6b0ac9137
                                                                                                                                                                                                    0x7ff6b0ac9146
                                                                                                                                                                                                    0x7ff6b0ac9148
                                                                                                                                                                                                    0x7ff6b0ac914d
                                                                                                                                                                                                    0x7ff6b0ac9155
                                                                                                                                                                                                    0x7ff6b0ac915d
                                                                                                                                                                                                    0x7ff6b0ac916a
                                                                                                                                                                                                    0x7ff6b0ac9171
                                                                                                                                                                                                    0x7ff6b0ac9191

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: 0262d0dafc344c9128b52d1992c683ba543df2f7131d274a0e5fc425fc83073a
                                                                                                                                                                                                    • Instruction ID: a2db3489b18ba395d4a0afc6b10aa20165891e9281cec05a87e4ecb6e02ce952
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0262d0dafc344c9128b52d1992c683ba543df2f7131d274a0e5fc425fc83073a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1919433A08B8192D6709F29E4452AEA7A5FB84B84F554631EBDC9378ACF3CE441C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF67FF6B0AC9680(void* __ebx, void* __edx, void* __rcx, void* __rdx) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				char _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				long long _v96;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				char _v184;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t100;
                                                                                                                                                                                                    				signed int _t106;
                                                                                                                                                                                                    				long long _t136;
                                                                                                                                                                                                    				intOrPtr* _t143;
                                                                                                                                                                                                    				void* _t158;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				intOrPtr _t160;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				long long _t162;
                                                                                                                                                                                                    				long long _t164;
                                                                                                                                                                                                    				long long _t165;
                                                                                                                                                                                                    				long long _t166;
                                                                                                                                                                                                    				intOrPtr* _t167;
                                                                                                                                                                                                    				intOrPtr _t168;
                                                                                                                                                                                                    				void* _t169;
                                                                                                                                                                                                    				intOrPtr _t171;
                                                                                                                                                                                                    				void* _t182;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t100 = __edx;
                                                                                                                                                                                                    				_v56 = 0xfffffffe;
                                                                                                                                                                                                    				_t106 = r8d;
                                                                                                                                                                                                    				_t182 = __rdx;
                                                                                                                                                                                                    				_t159 = __rcx;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0xb0ac9950;
                                                                                                                                                                                                    				if (r8d == 0) goto 0xb0ac9950;
                                                                                                                                                                                                    				_t143 = __rcx + 0x210;
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)(_t143 + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t162 <= 0) goto 0xb0ac96cb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v152 =  *_t143;
                                                                                                                                                                                                    				_v144 = _t162;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_v184 = _v168 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A9D1A0(_t100, _t143, _t143,  &_v136, _t162, __rdx, __rdx + _t169);
                                                                                                                                                                                                    				_t136 =  *((intOrPtr*)(_t143 + 0x20)) -  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t136 - 1 >= 0) goto 0xb0ac9723;
                                                                                                                                                                                                    				goto 0xb0ac9952;
                                                                                                                                                                                                    				_v168 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t136, _t143);
                                                                                                                                                                                                    				if (_t136 == 0) goto 0xb0ac9744;
                                                                                                                                                                                                    				 *_t136 =  &_v120;
                                                                                                                                                                                                    				goto 0xb0ac9746;
                                                                                                                                                                                                    				_v120 = _t136;
                                                                                                                                                                                                    				r12d =  *(_t159 + 0x2a4) * _t106;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t136, _t143,  &_v120,  &_v136, _t162,  &_v168);
                                                                                                                                                                                                    				if (_v88 != _v96) goto 0xb0ac9774;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x20)) !=  *((intOrPtr*)(_t143 + 0x18))) goto 0xb0ac9788;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t106 == 0) goto 0xb0ac979f;
                                                                                                                                                                                                    				r9d = _t106;
                                                                                                                                                                                                    				E00007FF67FF6B0AC7870(_t106, _t159 + 0x20,  *((intOrPtr*)(_t143 + 0x18)), _v96);
                                                                                                                                                                                                    				_t164 =  *((intOrPtr*)(_t159 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t159 + 0x258)) - _t164 <= 0) goto 0xb0ac97b4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v136 =  *((intOrPtr*)(_t159 + 0x240));
                                                                                                                                                                                                    				_v128 = _t164;
                                                                                                                                                                                                    				_t165 = _v88;
                                                                                                                                                                                                    				if (_v96 - _t165 <= 0) goto 0xb0ac97d9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v152 = _v120;
                                                                                                                                                                                                    				_v144 = _t165;
                                                                                                                                                                                                    				_t166 = _v96;
                                                                                                                                                                                                    				if (_t166 - _v88 <= 0) goto 0xb0ac9801;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v72 = _v120;
                                                                                                                                                                                                    				_v64 = _t166;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x90], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_v184 = _v168 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A99750( *(_t159 + 0x2a4) * _t106, _t143, _t159 + 0x240,  &_v136, _t166,  &_v72,  &_v152);
                                                                                                                                                                                                    				_t160 =  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t160 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0xb0ac986e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t167 =  *_t143;
                                                                                                                                                                                                    				if (_t167 != 0) goto 0xb0ac9880;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ac9883;
                                                                                                                                                                                                    				_t161 = _t160 + _t182;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)( *_t167 + 0x20)) > 0) goto 0xb0ac989e;
                                                                                                                                                                                                    				if (_t167 == 0) goto 0xb0ac9896;
                                                                                                                                                                                                    				goto 0xb0ac9898;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)( *_t167 + 0x18)) >= 0) goto 0xb0ac98a3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t168 =  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                                                                                                    				if (_t168 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0xb0ac98b2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t143 == 0) goto 0xb0ac98c3;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t168 > 0) goto 0xb0ac98c3;
                                                                                                                                                                                                    				if (_t168 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0xb0ac98c8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t171 =  *_t143;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t143 + 0x18)) - _t161 > 0) goto 0xb0ac98d7;
                                                                                                                                                                                                    				if (_t161 -  *((intOrPtr*)(_t143 + 0x20)) <= 0) goto 0xb0ac98dc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t171 == 0) goto 0xb0ac98e6;
                                                                                                                                                                                                    				if (_t171 ==  *_t143) goto 0xb0ac98eb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t168 == _t161) goto 0xb0ac9912;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)(_t143 + 0x20)) - _t161;
                                                                                                                                                                                                    				if (_t158 <= 0) goto 0xb0ac990e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4070(_t168, _t158, _t161, _t158);
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x20)) = _t158 + _t168;
                                                                                                                                                                                                    				if (_v96 == 0) goto 0xb0ac9921;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t167, _t143, _v96, _t158, _t168, _t161, _t158);
                                                                                                                                                                                                    				_v96 = 0;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				_v80 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t167, _t143, _v120, _t158, _t168, _t161, _t158);
                                                                                                                                                                                                    				goto 0xb0ac9952;
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}



































                                                                                                                                                                                                    0x7ff6b0ac98ad
                                                                                                                                                                                                    0x7ff6b0ac98b5
                                                                                                                                                                                                    0x7ff6b0ac98bb
                                                                                                                                                                                                    0x7ff6b0ac98c1
                                                                                                                                                                                                    0x7ff6b0ac98c3
                                                                                                                                                                                                    0x7ff6b0ac98c8
                                                                                                                                                                                                    0x7ff6b0ac98cf
                                                                                                                                                                                                    0x7ff6b0ac98d5
                                                                                                                                                                                                    0x7ff6b0ac98d7
                                                                                                                                                                                                    0x7ff6b0ac98df
                                                                                                                                                                                                    0x7ff6b0ac98e4
                                                                                                                                                                                                    0x7ff6b0ac98e6
                                                                                                                                                                                                    0x7ff6b0ac98ee
                                                                                                                                                                                                    0x7ff6b0ac98f4
                                                                                                                                                                                                    0x7ff6b0ac98fe
                                                                                                                                                                                                    0x7ff6b0ac9909
                                                                                                                                                                                                    0x7ff6b0ac990e
                                                                                                                                                                                                    0x7ff6b0ac991a
                                                                                                                                                                                                    0x7ff6b0ac991c
                                                                                                                                                                                                    0x7ff6b0ac9921
                                                                                                                                                                                                    0x7ff6b0ac992a
                                                                                                                                                                                                    0x7ff6b0ac9936
                                                                                                                                                                                                    0x7ff6b0ac9947
                                                                                                                                                                                                    0x7ff6b0ac994e
                                                                                                                                                                                                    0x7ff6b0ac995f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$_errnomalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1149948996-0
                                                                                                                                                                                                    • Opcode ID: 862ef2bf900044cd6533764cdbe942e68350a6ca9e47dc2d25e2abce830e237e
                                                                                                                                                                                                    • Instruction ID: 637cae7c183eea1dbc08a2a7f92ac8fca9832aef85ebf160b3a9f69e25df1224
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 862ef2bf900044cd6533764cdbe942e68350a6ca9e47dc2d25e2abce830e237e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F818323A08A8192E7709F29E4443ADA7A4FB85B80F550535EBDC93B9BDF3CE851C750
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF67FF6B0AA953C(void* __eflags, void* __rax, void* __rcx, signed int _a8, signed int _a16, void* _a24, long long _a32) {
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				void* _v104;
                                                                                                                                                                                                    				signed int _v112;
                                                                                                                                                                                                    				signed int _v120;
                                                                                                                                                                                                    				signed int _v128;
                                                                                                                                                                                                    				signed int _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				void* _t97;
                                                                                                                                                                                                    				long long _t98;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				signed int _t106;
                                                                                                                                                                                                    				signed int _t124;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				signed long long _t133;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t97 = __rax;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_v168 = r14d;
                                                                                                                                                                                                    				_a8 = _a8 & r14d;
                                                                                                                                                                                                    				_v128 = _v128 & _t133;
                                                                                                                                                                                                    				_v136 = _v136 & _t133;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, __eflags, __rax);
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t97 + 0xf8));
                                                                                                                                                                                                    				_a32 = _t98;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, __eflags, _t98);
                                                                                                                                                                                                    				_a24 =  *((intOrPtr*)(_t98 + 0xf0));
                                                                                                                                                                                                    				_t124 =  *((intOrPtr*)(__rcx + 0x50));
                                                                                                                                                                                                    				_a16 = _t124;
                                                                                                                                                                                                    				_v144 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				_t101 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				_v112 = _t101;
                                                                                                                                                                                                    				_v104 =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _t124;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				 *((long long*)(_t101 + 0xf8)) =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, __eflags, _t101);
                                                                                                                                                                                                    				E00007FF67FF6B0AA76A4(_t101,  &_v80,  *((intOrPtr*)( *(_t101 + 0xf0) + 0x28)));
                                                                                                                                                                                                    				_v120 = _t101;
                                                                                                                                                                                                    				_t88 =  *((intOrPtr*)(__rcx + 0x58)) - _t133;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x58)) == _t133) goto 0xb0aa9625;
                                                                                                                                                                                                    				_a8 = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80,  *((intOrPtr*)(__rcx + 0x58)) - _t133, _t101);
                                                                                                                                                                                                    				_t106 =  *((intOrPtr*)(_t101 + 0x138));
                                                                                                                                                                                                    				_v136 = _t106;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80,  *((intOrPtr*)(__rcx + 0x58)) - _t133, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _t106;
                                                                                                                                                                                                    				r8d = 0x100;
                                                                                                                                                                                                    				E00007FF67FF6B0ACC050(_v112,  *((intOrPtr*)(__rcx + 0x28)), _t127);
                                                                                                                                                                                                    				_v128 = _t101;
                                                                                                                                                                                                    				_v168 = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t80, _t88, _t101);
                                                                                                                                                                                                    				 *(_t101 + 0x2c0) =  *(_t101 + 0x2c0) & 0x00000000;
                                                                                                                                                                                                    				if (_a8 == 0) goto 0xb0aa9699;
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _a16);
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_v136 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				goto 0xb0aa96b4;
                                                                                                                                                                                                    				_t126 = _a16;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t126 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _v168;
                                                                                                                                                                                                    				E00007FF67FF6B0AA771C(_t101, _v128, _v120);
                                                                                                                                                                                                    				if (r14d != 0) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *_t126 != 0xe06d7363) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x18)) != 4) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) == 0x19930520) goto 0xb0aa9706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) == 0x19930521) goto 0xb0aa9706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 + 0x20)) != 0x19930522) goto 0xb0aa971d;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA76E8(_t101,  *((intOrPtr*)(_t126 + 0x28))) == 0) goto 0xb0aa971d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _t126);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C( *_t126, E00007FF67FF6B0AA76E8(_t101,  *((intOrPtr*)(_t126 + 0x28))), _t101);
                                                                                                                                                                                                    				 *(_t101 + 0xf0) = _a24;
                                                                                                                                                                                                    				_t79 = E00007FF67FF6B0AAB93C( *_t126, E00007FF67FF6B0AA76E8(_t101,  *((intOrPtr*)(_t126 + 0x28))), _t101);
                                                                                                                                                                                                    				 *((long long*)(_t101 + 0xf8)) = _a32;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_v144 + 0x1c)) +  *_v104)) = 0xfffffffe;
                                                                                                                                                                                                    				return _t79;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$CreateFrameInfo
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 4181383844-1018135373
                                                                                                                                                                                                    • Opcode ID: 37636cbeaf357c96540da33d70be5943baabf356ee6162a4f4101045cc2b1b7a
                                                                                                                                                                                                    • Instruction ID: cb223595c0b6ffffc46538841a72fce6a08a7319af74b3197b3475405cec6cda
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37636cbeaf357c96540da33d70be5943baabf356ee6162a4f4101045cc2b1b7a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF412833518B8292DA709F1AE4803BA7BA4FB84B90F644535DB8D47BD7DF38E4919B00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF67FF6B0AC91A0(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				long long _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				long long _v176;
                                                                                                                                                                                                    				char _v184;
                                                                                                                                                                                                    				long long _v192;
                                                                                                                                                                                                    				char _v200;
                                                                                                                                                                                                    				signed int _v216;
                                                                                                                                                                                                    				char _v232;
                                                                                                                                                                                                    				signed int _t142;
                                                                                                                                                                                                    				signed int _t180;
                                                                                                                                                                                                    				signed int _t202;
                                                                                                                                                                                                    				void* _t209;
                                                                                                                                                                                                    				signed long long _t210;
                                                                                                                                                                                                    				long long* _t212;
                                                                                                                                                                                                    				long long _t218;
                                                                                                                                                                                                    				long long* _t220;
                                                                                                                                                                                                    				long long* _t223;
                                                                                                                                                                                                    				long long _t230;
                                                                                                                                                                                                    				signed long long _t238;
                                                                                                                                                                                                    				signed long long _t245;
                                                                                                                                                                                                    				void* _t264;
                                                                                                                                                                                                    				long long _t267;
                                                                                                                                                                                                    				long long _t268;
                                                                                                                                                                                                    				long long _t269;
                                                                                                                                                                                                    				long long _t274;
                                                                                                                                                                                                    				long long _t275;
                                                                                                                                                                                                    				long long _t276;
                                                                                                                                                                                                    				void* _t284;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t230 = __rbx;
                                                                                                                                                                                                    				_t209 = _t284;
                                                                                                                                                                                                    				_v56 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t209 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t209 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t209 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t210 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v48 = _t210 ^ _t284 - 0x000000e0;
                                                                                                                                                                                                    				_t264 = __rcx;
                                                                                                                                                                                                    				_t212 =  *((intOrPtr*)(__rcx + 0x230));
                                                                                                                                                                                                    				if (_t212 !=  *((intOrPtr*)(__rcx + 0x228))) goto 0xb0ac9372;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t212, __rcx);
                                                                                                                                                                                                    				if (_t212 == 0) goto 0xb0ac9216;
                                                                                                                                                                                                    				 *_t212 =  &_v152;
                                                                                                                                                                                                    				goto 0xb0ac9219;
                                                                                                                                                                                                    				_v152 = __rbx;
                                                                                                                                                                                                    				_v216 = sil;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(__rbx, __rbx,  &_v152, __rdx, __rsi,  &_v216);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t264 + 0x290)) !=  *((intOrPtr*)(_t264 + 0x288))) goto 0xb0ac924c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_v120 != _v128) goto 0xb0ac9275;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AC2840(_v120, _t264 + 0x20, _v128,  *((intOrPtr*)(_t264 + 0x288)));
                                                                                                                                                                                                    				_t267 =  *((intOrPtr*)(_t264 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t264 + 0x258)) - _t267 <= 0) goto 0xb0ac9296;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v184 =  *((intOrPtr*)(_t264 + 0x240));
                                                                                                                                                                                                    				_v176 = _t267;
                                                                                                                                                                                                    				_t268 =  *((intOrPtr*)(_t264 + 0x290));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t264 + 0x288)) - _t268 <= 0) goto 0xb0ac92bc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v168 =  *((intOrPtr*)(_t264 + 0x270));
                                                                                                                                                                                                    				_v160 = _t268;
                                                                                                                                                                                                    				_t269 =  *((intOrPtr*)(_t264 + 0x288));
                                                                                                                                                                                                    				if (_t269 -  *((intOrPtr*)(_t264 + 0x290)) <= 0) goto 0xb0ac92e2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t218 =  *((intOrPtr*)(_t264 + 0x270));
                                                                                                                                                                                                    				_v200 = _t218;
                                                                                                                                                                                                    				_v192 = _t269;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				_v232 = _v216 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A99750(sil & 0xffffffff, _t230, _t264 + 0x240,  &_v184, _t269,  &_v200,  &_v168);
                                                                                                                                                                                                    				if (_v128 == 0) goto 0xb0ac934b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t218, _t230, _v128,  &_v184, _t269,  &_v200,  &_v168);
                                                                                                                                                                                                    				_v128 = _t230;
                                                                                                                                                                                                    				_v120 = _t230;
                                                                                                                                                                                                    				_v112 = _t230;
                                                                                                                                                                                                    				_t238 = _v152;
                                                                                                                                                                                                    				_t142 = E00007FF67FF6B0AA44D8(_t218, _t230, _t238,  &_v184, _t269,  &_v200,  &_v168);
                                                                                                                                                                                                    				goto 0xb0ac9646;
                                                                                                                                                                                                    				_t180 = _t142 % _t238;
                                                                                                                                                                                                    				if (_t180 != 0) goto 0xb0ac939f;
                                                                                                                                                                                                    				_v216 =  *(_t264 + 0x2a4) & 0x000000ff;
                                                                                                                                                                                                    				goto 0xb0ac93c2;
                                                                                                                                                                                                    				_v216 = ( *(_t264 + 0x2a4) & 0x000000ff) - _t180;
                                                                                                                                                                                                    				_t220 = _t218 -  *((intOrPtr*)(_t238 + 0x228));
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t220, _t238);
                                                                                                                                                                                                    				if (_t220 == 0) goto 0xb0ac93dd;
                                                                                                                                                                                                    				 *_t220 =  &_v152;
                                                                                                                                                                                                    				goto 0xb0ac93e0;
                                                                                                                                                                                                    				_v152 = _t230;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t230, _t230,  &_v152, (_t220 + 1) * _t238, _t269,  &_v216);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t264 + 0x230)) !=  *((intOrPtr*)(_t264 + 0x228))) goto 0xb0ac941b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t223 = _v120;
                                                                                                                                                                                                    				if (_t223 != _v128) goto 0xb0ac9444;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(8, _t223 - _v128, _v128,  *((intOrPtr*)(_t264 + 0x228)),  *((intOrPtr*)(_t264 + 0x230)) -  *((intOrPtr*)(_t264 + 0x228)));
                                                                                                                                                                                                    				_v216 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t223, _v128);
                                                                                                                                                                                                    				if (_t223 == 0) goto 0xb0ac9470;
                                                                                                                                                                                                    				 *_t223 =  &_v104;
                                                                                                                                                                                                    				goto 0xb0ac9473;
                                                                                                                                                                                                    				_v104 = _t230;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t230, _t230,  &_v104, (_t220 + 1) * _t238,  *((intOrPtr*)(_t264 + 0x228)),  &_v216);
                                                                                                                                                                                                    				if (_v72 != _v80) goto 0xb0ac94a8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t245 = _v120;
                                                                                                                                                                                                    				if (_t245 != _v128) goto 0xb0ac94d2;
                                                                                                                                                                                                    				_t202 = E00007FF67FF6B0AA44B8() / _t245;
                                                                                                                                                                                                    				if (_t202 == 0) goto 0xb0ac950b;
                                                                                                                                                                                                    				r12d =  *(_t264 + 0x20);
                                                                                                                                                                                                    				r12d = r12d << 2;
                                                                                                                                                                                                    				E00007FF67FF6B0AC2840((_t220 + 1) * _t238, _t264 + 0x20, _v128, _v80);
                                                                                                                                                                                                    				r13d = r13d + 0xffffffff;
                                                                                                                                                                                                    				if (_t202 != 0) goto 0xb0ac94f0;
                                                                                                                                                                                                    				_t274 =  *((intOrPtr*)(_t264 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t264 + 0x258)) - _t274 <= 0) goto 0xb0ac9520;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v168 =  *((intOrPtr*)(_t264 + 0x240));
                                                                                                                                                                                                    				_v160 = _t274;
                                                                                                                                                                                                    				_t275 = _v72;
                                                                                                                                                                                                    				if (_v80 - _t275 <= 0) goto 0xb0ac9548;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v184 = _v104;
                                                                                                                                                                                                    				_v176 = _t275;
                                                                                                                                                                                                    				_t276 = _v80;
                                                                                                                                                                                                    				if (_t276 - _v72 <= 0) goto 0xb0ac9579;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v200 = _v104;
                                                                                                                                                                                                    				_v192 = _t276;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				_v232 = _v216 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A99750(_t154 % _t245, _t230, _t264 + 0x240,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94D20(_t264 + 0x210,  &_v168);
                                                                                                                                                                                                    				if (_v80 == 0) goto 0xb0ac95ec;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v104, _t230, _v80,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				_v80 = _t230;
                                                                                                                                                                                                    				_v72 = _t230;
                                                                                                                                                                                                    				_v64 = _t230;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v104, _t230, _v104,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				if (_v128 == 0) goto 0xb0ac9624;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v104, _t230, _v128,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				_v128 = _t230;
                                                                                                                                                                                                    				_v120 = _t230;
                                                                                                                                                                                                    				_v112 = _t230;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v104, _t230, _v152,  &_v168, _t276,  &_v200,  &_v184);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050( *(_t264 + 0x2a4), _v48 ^ _t284 - 0x000000e0,  &_v168,  &_v200,  &_v184);
                                                                                                                                                                                                    			}










































                                                                                                                                                                                                    0x7ff6b0ac92dd
                                                                                                                                                                                                    0x7ff6b0ac92e2
                                                                                                                                                                                                    0x7ff6b0ac92e9
                                                                                                                                                                                                    0x7ff6b0ac92ee
                                                                                                                                                                                                    0x7ff6b0ac92f3
                                                                                                                                                                                                    0x7ff6b0ac92f8
                                                                                                                                                                                                    0x7ff6b0ac92fe
                                                                                                                                                                                                    0x7ff6b0ac9303
                                                                                                                                                                                                    0x7ff6b0ac9309
                                                                                                                                                                                                    0x7ff6b0ac930e
                                                                                                                                                                                                    0x7ff6b0ac9319
                                                                                                                                                                                                    0x7ff6b0ac9333
                                                                                                                                                                                                    0x7ff6b0ac9344
                                                                                                                                                                                                    0x7ff6b0ac9346
                                                                                                                                                                                                    0x7ff6b0ac934b
                                                                                                                                                                                                    0x7ff6b0ac9353
                                                                                                                                                                                                    0x7ff6b0ac935b
                                                                                                                                                                                                    0x7ff6b0ac9363
                                                                                                                                                                                                    0x7ff6b0ac9368
                                                                                                                                                                                                    0x7ff6b0ac936d
                                                                                                                                                                                                    0x7ff6b0ac9387
                                                                                                                                                                                                    0x7ff6b0ac938c
                                                                                                                                                                                                    0x7ff6b0ac9395
                                                                                                                                                                                                    0x7ff6b0ac939d
                                                                                                                                                                                                    0x7ff6b0ac93a8
                                                                                                                                                                                                    0x7ff6b0ac93b4
                                                                                                                                                                                                    0x7ff6b0ac93c7
                                                                                                                                                                                                    0x7ff6b0ac93d1
                                                                                                                                                                                                    0x7ff6b0ac93d8
                                                                                                                                                                                                    0x7ff6b0ac93db
                                                                                                                                                                                                    0x7ff6b0ac93e0
                                                                                                                                                                                                    0x7ff6b0ac93f2
                                                                                                                                                                                                    0x7ff6b0ac9414
                                                                                                                                                                                                    0x7ff6b0ac9416
                                                                                                                                                                                                    0x7ff6b0ac9422
                                                                                                                                                                                                    0x7ff6b0ac9435
                                                                                                                                                                                                    0x7ff6b0ac9437
                                                                                                                                                                                                    0x7ff6b0ac944a
                                                                                                                                                                                                    0x7ff6b0ac944f
                                                                                                                                                                                                    0x7ff6b0ac9459
                                                                                                                                                                                                    0x7ff6b0ac9461
                                                                                                                                                                                                    0x7ff6b0ac946b
                                                                                                                                                                                                    0x7ff6b0ac946e
                                                                                                                                                                                                    0x7ff6b0ac9473
                                                                                                                                                                                                    0x7ff6b0ac948b
                                                                                                                                                                                                    0x7ff6b0ac94a1
                                                                                                                                                                                                    0x7ff6b0ac94a3
                                                                                                                                                                                                    0x7ff6b0ac94b0
                                                                                                                                                                                                    0x7ff6b0ac94c3
                                                                                                                                                                                                    0x7ff6b0ac94e3
                                                                                                                                                                                                    0x7ff6b0ac94e5
                                                                                                                                                                                                    0x7ff6b0ac94e7
                                                                                                                                                                                                    0x7ff6b0ac94eb
                                                                                                                                                                                                    0x7ff6b0ac94fa
                                                                                                                                                                                                    0x7ff6b0ac9505
                                                                                                                                                                                                    0x7ff6b0ac9509
                                                                                                                                                                                                    0x7ff6b0ac950b
                                                                                                                                                                                                    0x7ff6b0ac9519
                                                                                                                                                                                                    0x7ff6b0ac951b
                                                                                                                                                                                                    0x7ff6b0ac9527
                                                                                                                                                                                                    0x7ff6b0ac952c
                                                                                                                                                                                                    0x7ff6b0ac9531
                                                                                                                                                                                                    0x7ff6b0ac9541
                                                                                                                                                                                                    0x7ff6b0ac9543
                                                                                                                                                                                                    0x7ff6b0ac9550
                                                                                                                                                                                                    0x7ff6b0ac9555
                                                                                                                                                                                                    0x7ff6b0ac955a
                                                                                                                                                                                                    0x7ff6b0ac956a
                                                                                                                                                                                                    0x7ff6b0ac956c
                                                                                                                                                                                                    0x7ff6b0ac9579
                                                                                                                                                                                                    0x7ff6b0ac957e
                                                                                                                                                                                                    0x7ff6b0ac9583
                                                                                                                                                                                                    0x7ff6b0ac9588
                                                                                                                                                                                                    0x7ff6b0ac958e
                                                                                                                                                                                                    0x7ff6b0ac9593
                                                                                                                                                                                                    0x7ff6b0ac9599
                                                                                                                                                                                                    0x7ff6b0ac959e
                                                                                                                                                                                                    0x7ff6b0ac95a9
                                                                                                                                                                                                    0x7ff6b0ac95c3
                                                                                                                                                                                                    0x7ff6b0ac95c8
                                                                                                                                                                                                    0x7ff6b0ac95d4
                                                                                                                                                                                                    0x7ff6b0ac95e5
                                                                                                                                                                                                    0x7ff6b0ac95e7
                                                                                                                                                                                                    0x7ff6b0ac95ec
                                                                                                                                                                                                    0x7ff6b0ac95f4
                                                                                                                                                                                                    0x7ff6b0ac95fc
                                                                                                                                                                                                    0x7ff6b0ac960c
                                                                                                                                                                                                    0x7ff6b0ac961d
                                                                                                                                                                                                    0x7ff6b0ac961f
                                                                                                                                                                                                    0x7ff6b0ac9624
                                                                                                                                                                                                    0x7ff6b0ac962c
                                                                                                                                                                                                    0x7ff6b0ac9634
                                                                                                                                                                                                    0x7ff6b0ac9641
                                                                                                                                                                                                    0x7ff6b0ac9676

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: f4cbc4c68556a3b7f8acf23e6ad581c02c96a0da4a1036aa3f1361d0f83fc89d
                                                                                                                                                                                                    • Instruction ID: 5ec9dd37d98c9858e4b3d219883ea9f638587cc5c91f895bb2b9d95ea446294c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4cbc4c68556a3b7f8acf23e6ad581c02c96a0da4a1036aa3f1361d0f83fc89d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2D19323609BC1A2D6649B29E4843AEB7A4FBC5780F940536EBDC93B96CF3CE455C710
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 28%
                                                                                                                                                                                                    			E00007FF67FF6B0AB8BD0(void* __ebx, void* __edx, void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    				intOrPtr* _t70;
                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                    				long long _t83;
                                                                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t48 = __ebx;
                                                                                                                                                                                                    				_v40 = 0xfffffffe;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rbp;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_t83 = __rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				E00007FF67FF6B0AB8830(__edx,  *((intOrPtr*)(__rcx + 0x10)), __rax, __rbx, __rcx, __rsi);
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                                                                                                                                    				if (_t54 != 0) goto 0xb0ab8c50;
                                                                                                                                                                                                    				asm("lock xadd [edi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t54 < 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				asm("lock bts dword [edi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				E00007FF67FF6B0AB87E0(_t83);
                                                                                                                                                                                                    				SetEvent(??);
                                                                                                                                                                                                    				goto 0xb0ab8d4e;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t83 + 0x10)) =  *((intOrPtr*)(_t83 + 0x10)) -  *((intOrPtr*)(_t83 + 0x10));
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                                                                    				_t85 =  *((intOrPtr*)(_t83 + 0x30));
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)(_t83 + 0x38)) <= 0) goto 0xb0ab8c76;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t70 =  *((intOrPtr*)(_t83 + 0x18));
                                                                                                                                                                                                    				_t89 =  *((intOrPtr*)(_t83 + 0x38));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t83 + 0x30)) - _t89 <= 0) goto 0xb0ab8c89;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t70 == 0) goto 0xb0ab8c9a;
                                                                                                                                                                                                    				if (_t70 ==  *((intOrPtr*)(_t83 + 0x18))) goto 0xb0ab8c9f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t85 == _t89) goto 0xb0ab8cfa;
                                                                                                                                                                                                    				if (_t70 != 0) goto 0xb0ab8cb3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8cb6;
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)( *_t70 + 0x20)) < 0) goto 0xb0ab8cc1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((char*)( *_t85 + 0x14)) = 1;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				ReleaseSemaphore(??, ??, ??);
                                                                                                                                                                                                    				if (_t70 != 0) goto 0xb0ab8ce6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0ab8ce9;
                                                                                                                                                                                                    				if (_t85 -  *((intOrPtr*)( *_t70 + 0x20)) < 0) goto 0xb0ab8cf4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0ab8c90;
                                                                                                                                                                                                    				E00007FF67FF6B0AB8120(_t48, _t49,  *((intOrPtr*)( *_t85 + 0x10)), _t70, _t83 + 0x18, __r9,  *((intOrPtr*)(_t83 + 0x18)));
                                                                                                                                                                                                    				_t79 =  *((intOrPtr*)(_t83 + 0x48));
                                                                                                                                                                                                    				if (_t79 == 0) goto 0xb0ab8d18;
                                                                                                                                                                                                    				_t66 = _t79 - 0xffffffff;
                                                                                                                                                                                                    				if (_t66 == 0) goto 0xb0ab8d18;
                                                                                                                                                                                                    				CloseHandle(??);
                                                                                                                                                                                                    				 *((long long*)(_t83 + 0x48)) = 0;
                                                                                                                                                                                                    				asm("lock xadd [edi], eax");
                                                                                                                                                                                                    				asm("bt eax, 0x1e");
                                                                                                                                                                                                    				if (_t66 < 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 <= 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				asm("lock bts dword [edi], 0x1e");
                                                                                                                                                                                                    				if (0x80000000 - 0x80000000 < 0) goto 0xb0ab8d4e;
                                                                                                                                                                                                    				E00007FF67FF6B0AB87E0(_t83);
                                                                                                                                                                                                    				return SetEvent(??);
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseHandle$EventReleaseSemaphore$ObjectSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1624490810-0
                                                                                                                                                                                                    • Opcode ID: c0190eb963667e3a822ce395726a3cc2af1d6bc88ac9c223897c4959d47fd861
                                                                                                                                                                                                    • Instruction ID: e07ecbf2ce7aa480fe2d1c76d90a0e453af91ae4b1acf07e4a475acf3bca7286
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0190eb963667e3a822ce395726a3cc2af1d6bc88ac9c223897c4959d47fd861
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF418E23A09606A6EA509B2DD504338AB60FF59B60F580A35EB6C977D3CF3CE461C360
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 19%
                                                                                                                                                                                                    			E00007FF67FF6B0AAB960(void* __edi, void* __esi, long long __rbx, void* __rcx, void* __rsi, long long _a8, long long _a16) {
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				long long _t54;
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                    				void* _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__rcx == 0) goto 0xb0aaba94;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x38)) == 0) goto 0xb0aab984;
                                                                                                                                                                                                    				free(_t59);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x48)) == 0) goto 0xb0aab992;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x58)) == 0) goto 0xb0aab9a0;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x68)) == 0) goto 0xb0aab9ae;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x70)) == 0) goto 0xb0aab9bc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x78)) == 0) goto 0xb0aab9ca;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x80)) == 0) goto 0xb0aab9db;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0xa0)) == 0xb0ad1be0) goto 0xb0aab9f3;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(__rcx + 0xb8));
                                                                                                                                                                                                    				_a8 = _t54;
                                                                                                                                                                                                    				_t33 = _t54;
                                                                                                                                                                                                    				if (_t33 == 0) goto 0xb0aaba2c;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t33 != 0) goto 0xb0aaba2c;
                                                                                                                                                                                                    				if (_a8 == 0xb0ae0bb0) goto 0xb0aaba2c;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)(__rcx + 0xc0));
                                                                                                                                                                                                    				if (_t60 == 0) goto 0xb0aaba78;
                                                                                                                                                                                                    				E00007FF67FF6B0AA809C(_t15, _t60, _t66);
                                                                                                                                                                                                    				_t36 = _t60 -  *0xb0ae0b90; // 0x24b4b80
                                                                                                                                                                                                    				if (_t36 == 0) goto 0xb0aaba78;
                                                                                                                                                                                                    				if (_t60 == 0xb0ae0a30) goto 0xb0aaba78;
                                                                                                                                                                                                    				if ( *_t60 != 0) goto 0xb0aaba78;
                                                                                                                                                                                                    				_t17 = E00007FF67FF6B0AA7E88(__rcx, _t60, __rsi, _t66);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return _t17;
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_lock$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1575098132-0
                                                                                                                                                                                                    • Opcode ID: e75674a27ccaf353bf9c4577a142a6384d94bbdb2786d43ce8d8575ba90e4d59
                                                                                                                                                                                                    • Instruction ID: 03be761b29cc1c8fe2306ceea02a7d0f8e3636fc1058268d8250d0a1eff4dfef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e75674a27ccaf353bf9c4577a142a6384d94bbdb2786d43ce8d8575ba90e4d59
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6311C23F1A542A5FE58AAB9D0617792B55EF84B80F240D35EB0E877D7CF2CE8408311
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                                                                    			E00007FF67FF6B0A9AC50(long long __rcx, void* __rdx, intOrPtr* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				void* _t197;
                                                                                                                                                                                                    				void* _t198;
                                                                                                                                                                                                    				intOrPtr _t250;
                                                                                                                                                                                                    				signed long long _t256;
                                                                                                                                                                                                    				long long* _t263;
                                                                                                                                                                                                    				intOrPtr _t265;
                                                                                                                                                                                                    				intOrPtr _t267;
                                                                                                                                                                                                    				intOrPtr _t278;
                                                                                                                                                                                                    				intOrPtr* _t283;
                                                                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                                                                    				intOrPtr _t295;
                                                                                                                                                                                                    				intOrPtr _t298;
                                                                                                                                                                                                    				intOrPtr _t300;
                                                                                                                                                                                                    				long long _t303;
                                                                                                                                                                                                    				long long _t305;
                                                                                                                                                                                                    				long long _t306;
                                                                                                                                                                                                    				long long _t307;
                                                                                                                                                                                                    				intOrPtr _t308;
                                                                                                                                                                                                    				long long _t309;
                                                                                                                                                                                                    				long long _t310;
                                                                                                                                                                                                    				intOrPtr _t311;
                                                                                                                                                                                                    				signed long long _t312;
                                                                                                                                                                                                    				long long* _t314;
                                                                                                                                                                                                    				intOrPtr* _t315;
                                                                                                                                                                                                    				intOrPtr* _t327;
                                                                                                                                                                                                    				intOrPtr* _t329;
                                                                                                                                                                                                    				intOrPtr _t330;
                                                                                                                                                                                                    				intOrPtr* _t336;
                                                                                                                                                                                                    				long long* _t341;
                                                                                                                                                                                                    				long long* _t369;
                                                                                                                                                                                                    				long long* _t370;
                                                                                                                                                                                                    				long long* _t372;
                                                                                                                                                                                                    				signed long long _t374;
                                                                                                                                                                                                    				long long* _t375;
                                                                                                                                                                                                    				long long* _t377;
                                                                                                                                                                                                    				signed long long _t378;
                                                                                                                                                                                                    				signed long long _t380;
                                                                                                                                                                                                    				signed long long _t382;
                                                                                                                                                                                                    				intOrPtr* _t386;
                                                                                                                                                                                                    				intOrPtr* _t387;
                                                                                                                                                                                                    				intOrPtr _t389;
                                                                                                                                                                                                    				long long _t391;
                                                                                                                                                                                                    				long long _t392;
                                                                                                                                                                                                    				intOrPtr _t393;
                                                                                                                                                                                                    				long long _t395;
                                                                                                                                                                                                    				long long _t396;
                                                                                                                                                                                                    				signed long long _t397;
                                                                                                                                                                                                    				intOrPtr _t413;
                                                                                                                                                                                                    				intOrPtr* _t415;
                                                                                                                                                                                                    				void* _t416;
                                                                                                                                                                                                    				long long _t417;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x160)) = 0xfffffffe;
                                                                                                                                                                                                    				asm("movaps [esp+0x1b0], xmm6");
                                                                                                                                                                                                    				_t256 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				 *(_t397 + 0x1a8) = _t256 ^ _t397;
                                                                                                                                                                                                    				_t415 = __r8;
                                                                                                                                                                                                    				_t416 = __rdx;
                                                                                                                                                                                                    				_t396 = __rcx;
                                                                                                                                                                                                    				_t314 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t314 =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 8)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 0x10)) =  *((intOrPtr*)(__r9 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t314 + 0x18)) =  *((intOrPtr*)(__r9 + 0x18));
                                                                                                                                                                                                    				_t369 = _t397 + 0x100;
                                                                                                                                                                                                    				_t315 =  *((intOrPtr*)(_t397 + 0x220));
                                                                                                                                                                                                    				 *_t369 =  *_t315;
                                                                                                                                                                                                    				_t263 =  *((intOrPtr*)(_t315 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t369 + 8)) = _t263;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t263, _t315);
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				if (_t263 == 0) goto 0xb0a9acf4;
                                                                                                                                                                                                    				 *_t263 = _t397 + 0xa0;
                                                                                                                                                                                                    				goto 0xb0a9acf7;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xa0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc8)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd0)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd8)) = _t417;
                                                                                                                                                                                                    				_t265 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0xb0a9ad32;
                                                                                                                                                                                                    				goto 0xb0a9ad39;
                                                                                                                                                                                                    				_t386 = _t396 + 8;
                                                                                                                                                                                                    				_t303 = _t386;
                                                                                                                                                                                                    				if (_t303 == 0) goto 0xb0a9ad6c;
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0xb0a9ad49;
                                                                                                                                                                                                    				goto 0xb0a9ad4c;
                                                                                                                                                                                                    				if (_t386 - _t303 > 0) goto 0xb0a9ad6c;
                                                                                                                                                                                                    				if (_t265 - 8 < 0) goto 0xb0a9ad5c;
                                                                                                                                                                                                    				goto 0xb0a9ad5f;
                                                                                                                                                                                                    				if (_t303 - _t386 +  *(_t396 + 0x18) * 2 <= 0) goto 0xb0a9ad71;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t303;
                                                                                                                                                                                                    				_t267 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0xb0a9ad90;
                                                                                                                                                                                                    				goto 0xb0a9ad93;
                                                                                                                                                                                                    				_t305 = _t386;
                                                                                                                                                                                                    				if (_t305 == 0) goto 0xb0a9adc6;
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0xb0a9ada3;
                                                                                                                                                                                                    				goto 0xb0a9ada6;
                                                                                                                                                                                                    				if (_t386 - _t305 > 0) goto 0xb0a9adc6;
                                                                                                                                                                                                    				if (_t267 - 8 < 0) goto 0xb0a9adb6;
                                                                                                                                                                                                    				goto 0xb0a9adb9;
                                                                                                                                                                                                    				if (_t305 - _t386 +  *(_t396 + 0x18) * 2 <= 0) goto 0xb0a9adcb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x90)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x98)) = _t305;
                                                                                                                                                                                                    				_t389 =  *((intOrPtr*)(_t397 + 0xe0));
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x80]");
                                                                                                                                                                                                    				if (_t389 == 0xfffffffc) goto 0xb0a9ae0a;
                                                                                                                                                                                                    				if (_t389 == 0) goto 0xb0a9ae05;
                                                                                                                                                                                                    				if (_t389 ==  *((intOrPtr*)(_t397 + 0xf0))) goto 0xb0a9ae0a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xe8)) ==  *((intOrPtr*)(_t397 + 0xf8))) goto 0xb0a9b04c;
                                                                                                                                                                                                    				_t370 = _t397 + 0x150;
                                                                                                                                                                                                    				_t327 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t370 =  *_t327;
                                                                                                                                                                                                    				 *((long long*)(_t370 + 8)) =  *((intOrPtr*)(_t327 + 8));
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x170], xmm0");
                                                                                                                                                                                                    				asm("movdqa [esp+0x140], xmm6");
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x30)) = _t397 + 0x150;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x28)) = _t397 + 0x170;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x20)) = _t397 + 0x140;
                                                                                                                                                                                                    				E00007FF67FF6B0A9B470(_t397 + 0x130, _t397 + 0xa0);
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x130]");
                                                                                                                                                                                                    				_t372 = _t397 + 0x90;
                                                                                                                                                                                                    				_t329 = _t397 + 0xf0;
                                                                                                                                                                                                    				 *_t372 =  *_t329;
                                                                                                                                                                                                    				 *((long long*)(_t372 + 8)) =  *((intOrPtr*)(_t329 + 8));
                                                                                                                                                                                                    				_t330 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				_t391 =  *((intOrPtr*)(_t397 + 0xd8)) + _t330;
                                                                                                                                                                                                    				if (_t330 - _t391 <= 0) goto 0xb0a9aedf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t391;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x120], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t397 + 0x20)) =  *(_t397 + 0x40) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A9BE60(_t305, _t397 + 0xa0, _t397 + 0x120, _t391,  *((intOrPtr*)(_t397 + 0x100)),  *((intOrPtr*)(_t397 + 0x108)));
                                                                                                                                                                                                    				_t278 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0xb0a9af40;
                                                                                                                                                                                                    				goto 0xb0a9af43;
                                                                                                                                                                                                    				_t374 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t392 = _t386 + _t374 * 2;
                                                                                                                                                                                                    				if (_t392 == 0) goto 0xb0a9af7a;
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0xb0a9af5b;
                                                                                                                                                                                                    				goto 0xb0a9af5e;
                                                                                                                                                                                                    				if (_t386 - _t392 > 0) goto 0xb0a9af7a;
                                                                                                                                                                                                    				if (_t278 - 8 < 0) goto 0xb0a9af6e;
                                                                                                                                                                                                    				goto 0xb0a9af71;
                                                                                                                                                                                                    				if (_t392 - _t386 + _t374 * 2 <= 0) goto 0xb0a9af7f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t392;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                                                                    				_t375 = _t397 + 0x60;
                                                                                                                                                                                                    				_t336 = _t397 + 0xf0;
                                                                                                                                                                                                    				 *_t375 =  *_t336;
                                                                                                                                                                                                    				_t283 =  *((intOrPtr*)(_t336 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t375 + 8)) = _t283;
                                                                                                                                                                                                    				E00007FF67FF6B0A9A9F0(_t305, _t416, _t397 + 0x180, _t392, _t397 + 0x60, _t397 + 0x70);
                                                                                                                                                                                                    				_t377 = _t397 + 0xe0;
                                                                                                                                                                                                    				 *_t377 =  *_t283;
                                                                                                                                                                                                    				 *((long long*)(_t377 + 8)) =  *((intOrPtr*)(_t283 + 8));
                                                                                                                                                                                                    				 *((long long*)(_t377 + 0x10)) =  *((intOrPtr*)(_t283 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t377 + 0x18)) =  *((intOrPtr*)(_t283 + 0x18));
                                                                                                                                                                                                    				_t393 =  *((intOrPtr*)(_t397 + 0xe0));
                                                                                                                                                                                                    				if (_t393 == 0xfffffffc) goto 0xb0a9b011;
                                                                                                                                                                                                    				if (_t393 == 0) goto 0xb0a9b00c;
                                                                                                                                                                                                    				if (_t393 ==  *((intOrPtr*)(_t397 + 0xf0))) goto 0xb0a9b011;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xe8)) ==  *((intOrPtr*)(_t397 + 0xf8))) goto 0xb0a9adf0;
                                                                                                                                                                                                    				_t341 = _t397 + 0x100;
                                                                                                                                                                                                    				 *_t341 =  *_t415;
                                                                                                                                                                                                    				 *((long long*)(_t341 + 8)) =  *((intOrPtr*)(_t415 + 8));
                                                                                                                                                                                                    				goto 0xb0a9adf0;
                                                                                                                                                                                                    				_t288 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0xb0a9b05b;
                                                                                                                                                                                                    				goto 0xb0a9b05e;
                                                                                                                                                                                                    				_t378 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t306 = _t386 + _t378 * 2;
                                                                                                                                                                                                    				if (_t306 == 0) goto 0xb0a9b095;
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0xb0a9b076;
                                                                                                                                                                                                    				goto 0xb0a9b079;
                                                                                                                                                                                                    				if (_t386 - _t306 > 0) goto 0xb0a9b095;
                                                                                                                                                                                                    				if (_t288 - 8 < 0) goto 0xb0a9b089;
                                                                                                                                                                                                    				goto 0xb0a9b08c;
                                                                                                                                                                                                    				if (_t306 - _t386 + _t378 * 2 <= 0) goto 0xb0a9b09a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t306;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				asm("movdqa [esp+0x120], xmm6");
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x30)) = _t397 + 0x60;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x28)) = _t397 + 0x70;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x20)) = _t397 + 0x120;
                                                                                                                                                                                                    				E00007FF67FF6B0A9B470(_t397 + 0x130, _t397 + 0xa0);
                                                                                                                                                                                                    				_t413 =  *((intOrPtr*)(_t397 + 0xd8));
                                                                                                                                                                                                    				if (_t413 != 0) goto 0xb0a9b1a0;
                                                                                                                                                                                                    				_t295 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0xb0a9b124;
                                                                                                                                                                                                    				goto 0xb0a9b127;
                                                                                                                                                                                                    				_t380 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t307 = _t386 + _t380 * 2;
                                                                                                                                                                                                    				if (_t307 == 0) goto 0xb0a9b159;
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0xb0a9b13f;
                                                                                                                                                                                                    				goto 0xb0a9b142;
                                                                                                                                                                                                    				if (_t386 - _t307 > 0) goto 0xb0a9b159;
                                                                                                                                                                                                    				if (_t295 - 8 < 0) goto 0xb0a9b150;
                                                                                                                                                                                                    				_t387 =  *_t386;
                                                                                                                                                                                                    				if (_t307 - _t387 + _t380 * 2 <= 0) goto 0xb0a9b15e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t307;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x130]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				E00007FF67FF6B0A94940(_t307, _t396, _t397 + 0x120,  *((intOrPtr*)(_t397 + 0xe0)), _t396, _t397 + 0x70, _t397 + 0x60);
                                                                                                                                                                                                    				goto 0xb0a9b2f3;
                                                                                                                                                                                                    				_t308 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				_t395 = _t413 + _t308;
                                                                                                                                                                                                    				if (_t308 - _t395 <= 0) goto 0xb0a9b1c6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t309 =  *((intOrPtr*)(_t397 + 0xd0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x50)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x58)) = _t395;
                                                                                                                                                                                                    				if (_t309 -  *((intOrPtr*)(_t397 + 0xd8)) + _t309 <= 0) goto 0xb0a9b1ee;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x80)) =  *((intOrPtr*)(_t397 + 0xa0));
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x88)) = _t309;
                                                                                                                                                                                                    				_t298 =  *((intOrPtr*)(_t396 + 0x20));
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0xb0a9b20d;
                                                                                                                                                                                                    				goto 0xb0a9b210;
                                                                                                                                                                                                    				_t382 =  *(_t396 + 0x18);
                                                                                                                                                                                                    				_t310 = _t387 + _t382 * 2;
                                                                                                                                                                                                    				if (_t310 == 0) goto 0xb0a9b242;
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0xb0a9b228;
                                                                                                                                                                                                    				goto 0xb0a9b22b;
                                                                                                                                                                                                    				if (_t387 - _t310 > 0) goto 0xb0a9b242;
                                                                                                                                                                                                    				if (_t298 - 8 < 0) goto 0xb0a9b239;
                                                                                                                                                                                                    				if (_t310 -  *_t387 + _t382 * 2 <= 0) goto 0xb0a9b247;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x90)) = _t396;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x98)) = _t310;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x1a0)) = 7;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0x198)) = _t417;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t397 + 0x188)) = r14w;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x80]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				r9d =  *(_t397 + 0x40) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A9C2A0( *(_t397 + 0x40) & 0x000000ff, _t197, _t198, _t310, _t397 + 0x180, _t397 + 0x70, _t395, _t396, _t397 + 0x60, _t397 + 0x60);
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x90]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm0");
                                                                                                                                                                                                    				_t412 = _t397 + 0x180;
                                                                                                                                                                                                    				_t405 = _t397 + 0x60;
                                                                                                                                                                                                    				_t384 = _t397 + 0x70;
                                                                                                                                                                                                    				E00007FF67FF6B0A92B00(_t310, _t396, _t397 + 0x70,  *_t387, _t395, _t396, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				if ( *((long long*)(_t397 + 0x1a0)) - 8 < 0) goto 0xb0a9b2f3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *_t387 + _t382 * 2, _t310,  *((intOrPtr*)(_t397 + 0x188)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				_t300 =  *((intOrPtr*)(_t397 + 0xd8));
                                                                                                                                                                                                    				if (_t300 == 0) goto 0xb0a9b31b;
                                                                                                                                                                                                    				_t250 = _t300;
                                                                                                                                                                                                    				if (_t250 == 0) goto 0xb0a9b31b;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd8)) = _t300 - 1;
                                                                                                                                                                                                    				if (_t250 != 0) goto 0xb0a9b300;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xd0)) = _t417;
                                                                                                                                                                                                    				_t311 =  *((intOrPtr*)(_t397 + 0xc8));
                                                                                                                                                                                                    				if (_t311 == 0) goto 0xb0a9b352;
                                                                                                                                                                                                    				_t312 = _t311 - 1;
                                                                                                                                                                                                    				if ( *((long long*)( *((intOrPtr*)(_t397 + 0xc0)) + _t312 * 8)) == 0) goto 0xb0a9b34b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t300 - 1, _t312,  *((intOrPtr*)( *((intOrPtr*)(_t397 + 0xc0)) + _t312 * 8)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				if (_t312 != 0) goto 0xb0a9b330;
                                                                                                                                                                                                    				goto 0xb0a9b35a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t397 + 0xc0)) == 0) goto 0xb0a9b364;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t300 - 1, _t312,  *((intOrPtr*)(_t397 + 0xc0)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc8)) = _t417;
                                                                                                                                                                                                    				 *((long long*)(_t397 + 0xc0)) = _t417;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t300 - 1, _t312,  *((intOrPtr*)(_t397 + 0xa0)), _t397 + 0x70, _t395, _t397 + 0x60, _t397 + 0x180);
                                                                                                                                                                                                    				_t194 = E00007FF67FF6B0AA4050(8,  *(_t397 + 0x1a8) ^ _t397, _t384, _t405, _t412);
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x1b0]");
                                                                                                                                                                                                    				return _t194;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0a9acb3
                                                                                                                                                                                                    0x7ff6b0a9acb7
                                                                                                                                                                                                    0x7ff6b0a9acbf
                                                                                                                                                                                                    0x7ff6b0a9acca
                                                                                                                                                                                                    0x7ff6b0a9accd
                                                                                                                                                                                                    0x7ff6b0a9acd1
                                                                                                                                                                                                    0x7ff6b0a9acda
                                                                                                                                                                                                    0x7ff6b0a9acdf
                                                                                                                                                                                                    0x7ff6b0a9ace5
                                                                                                                                                                                                    0x7ff6b0a9acef
                                                                                                                                                                                                    0x7ff6b0a9acf2
                                                                                                                                                                                                    0x7ff6b0a9acf7
                                                                                                                                                                                                    0x7ff6b0a9acff
                                                                                                                                                                                                    0x7ff6b0a9ad07
                                                                                                                                                                                                    0x7ff6b0a9ad0f
                                                                                                                                                                                                    0x7ff6b0a9ad17
                                                                                                                                                                                                    0x7ff6b0a9ad1f
                                                                                                                                                                                                    0x7ff6b0a9ad27
                                                                                                                                                                                                    0x7ff6b0a9ad30
                                                                                                                                                                                                    0x7ff6b0a9ad32
                                                                                                                                                                                                    0x7ff6b0a9ad36
                                                                                                                                                                                                    0x7ff6b0a9ad3c
                                                                                                                                                                                                    0x7ff6b0a9ad42
                                                                                                                                                                                                    0x7ff6b0a9ad47
                                                                                                                                                                                                    0x7ff6b0a9ad4f
                                                                                                                                                                                                    0x7ff6b0a9ad55
                                                                                                                                                                                                    0x7ff6b0a9ad5a
                                                                                                                                                                                                    0x7ff6b0a9ad6a
                                                                                                                                                                                                    0x7ff6b0a9ad6c
                                                                                                                                                                                                    0x7ff6b0a9ad71
                                                                                                                                                                                                    0x7ff6b0a9ad79
                                                                                                                                                                                                    0x7ff6b0a9ad81
                                                                                                                                                                                                    0x7ff6b0a9ad89
                                                                                                                                                                                                    0x7ff6b0a9ad8e
                                                                                                                                                                                                    0x7ff6b0a9ad90
                                                                                                                                                                                                    0x7ff6b0a9ad96
                                                                                                                                                                                                    0x7ff6b0a9ad9c
                                                                                                                                                                                                    0x7ff6b0a9ada1
                                                                                                                                                                                                    0x7ff6b0a9ada9
                                                                                                                                                                                                    0x7ff6b0a9adaf
                                                                                                                                                                                                    0x7ff6b0a9adb4
                                                                                                                                                                                                    0x7ff6b0a9adc4
                                                                                                                                                                                                    0x7ff6b0a9adc6
                                                                                                                                                                                                    0x7ff6b0a9adcb
                                                                                                                                                                                                    0x7ff6b0a9add3
                                                                                                                                                                                                    0x7ff6b0a9ade0
                                                                                                                                                                                                    0x7ff6b0a9ade8
                                                                                                                                                                                                    0x7ff6b0a9adf4
                                                                                                                                                                                                    0x7ff6b0a9adf9
                                                                                                                                                                                                    0x7ff6b0a9ae03
                                                                                                                                                                                                    0x7ff6b0a9ae05
                                                                                                                                                                                                    0x7ff6b0a9ae1a
                                                                                                                                                                                                    0x7ff6b0a9ae20
                                                                                                                                                                                                    0x7ff6b0a9ae28
                                                                                                                                                                                                    0x7ff6b0a9ae33
                                                                                                                                                                                                    0x7ff6b0a9ae3a
                                                                                                                                                                                                    0x7ff6b0a9ae3e
                                                                                                                                                                                                    0x7ff6b0a9ae46
                                                                                                                                                                                                    0x7ff6b0a9ae4f
                                                                                                                                                                                                    0x7ff6b0a9ae60
                                                                                                                                                                                                    0x7ff6b0a9ae6d
                                                                                                                                                                                                    0x7ff6b0a9ae7a
                                                                                                                                                                                                    0x7ff6b0a9ae97
                                                                                                                                                                                                    0x7ff6b0a9ae9c
                                                                                                                                                                                                    0x7ff6b0a9aea4
                                                                                                                                                                                                    0x7ff6b0a9aeac
                                                                                                                                                                                                    0x7ff6b0a9aeb7
                                                                                                                                                                                                    0x7ff6b0a9aebe
                                                                                                                                                                                                    0x7ff6b0a9aec2
                                                                                                                                                                                                    0x7ff6b0a9aed2
                                                                                                                                                                                                    0x7ff6b0a9aed8
                                                                                                                                                                                                    0x7ff6b0a9aeda
                                                                                                                                                                                                    0x7ff6b0a9aee7
                                                                                                                                                                                                    0x7ff6b0a9aeef
                                                                                                                                                                                                    0x7ff6b0a9aef7
                                                                                                                                                                                                    0x7ff6b0a9aeff
                                                                                                                                                                                                    0x7ff6b0a9af08
                                                                                                                                                                                                    0x7ff6b0a9af2c
                                                                                                                                                                                                    0x7ff6b0a9af31
                                                                                                                                                                                                    0x7ff6b0a9af39
                                                                                                                                                                                                    0x7ff6b0a9af3e
                                                                                                                                                                                                    0x7ff6b0a9af43
                                                                                                                                                                                                    0x7ff6b0a9af47
                                                                                                                                                                                                    0x7ff6b0a9af4e
                                                                                                                                                                                                    0x7ff6b0a9af54
                                                                                                                                                                                                    0x7ff6b0a9af59
                                                                                                                                                                                                    0x7ff6b0a9af61
                                                                                                                                                                                                    0x7ff6b0a9af67
                                                                                                                                                                                                    0x7ff6b0a9af6c
                                                                                                                                                                                                    0x7ff6b0a9af78
                                                                                                                                                                                                    0x7ff6b0a9af7a
                                                                                                                                                                                                    0x7ff6b0a9af7f
                                                                                                                                                                                                    0x7ff6b0a9af84
                                                                                                                                                                                                    0x7ff6b0a9af89
                                                                                                                                                                                                    0x7ff6b0a9af8e
                                                                                                                                                                                                    0x7ff6b0a9af94
                                                                                                                                                                                                    0x7ff6b0a9af99
                                                                                                                                                                                                    0x7ff6b0a9afa4
                                                                                                                                                                                                    0x7ff6b0a9afa7
                                                                                                                                                                                                    0x7ff6b0a9afab
                                                                                                                                                                                                    0x7ff6b0a9afc4
                                                                                                                                                                                                    0x7ff6b0a9afc9
                                                                                                                                                                                                    0x7ff6b0a9afd4
                                                                                                                                                                                                    0x7ff6b0a9afdb
                                                                                                                                                                                                    0x7ff6b0a9afe3
                                                                                                                                                                                                    0x7ff6b0a9afeb
                                                                                                                                                                                                    0x7ff6b0a9afef
                                                                                                                                                                                                    0x7ff6b0a9affb
                                                                                                                                                                                                    0x7ff6b0a9b000
                                                                                                                                                                                                    0x7ff6b0a9b00a
                                                                                                                                                                                                    0x7ff6b0a9b00c
                                                                                                                                                                                                    0x7ff6b0a9b021
                                                                                                                                                                                                    0x7ff6b0a9b027
                                                                                                                                                                                                    0x7ff6b0a9b033
                                                                                                                                                                                                    0x7ff6b0a9b03b
                                                                                                                                                                                                    0x7ff6b0a9b047
                                                                                                                                                                                                    0x7ff6b0a9b04c
                                                                                                                                                                                                    0x7ff6b0a9b054
                                                                                                                                                                                                    0x7ff6b0a9b059
                                                                                                                                                                                                    0x7ff6b0a9b05e
                                                                                                                                                                                                    0x7ff6b0a9b062
                                                                                                                                                                                                    0x7ff6b0a9b069
                                                                                                                                                                                                    0x7ff6b0a9b06f
                                                                                                                                                                                                    0x7ff6b0a9b074
                                                                                                                                                                                                    0x7ff6b0a9b07c
                                                                                                                                                                                                    0x7ff6b0a9b082
                                                                                                                                                                                                    0x7ff6b0a9b087
                                                                                                                                                                                                    0x7ff6b0a9b093
                                                                                                                                                                                                    0x7ff6b0a9b095
                                                                                                                                                                                                    0x7ff6b0a9b09a
                                                                                                                                                                                                    0x7ff6b0a9b09f
                                                                                                                                                                                                    0x7ff6b0a9b0a4

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2964583507-0
                                                                                                                                                                                                    • Opcode ID: 3fab2268b774a43a72f155c8a4013d7ec2b68cad78901ac3ed3aa2c380edfcb8
                                                                                                                                                                                                    • Instruction ID: 2e4cc502e31283cc237d65a71c6452b1dc5449248e125c1a1182593319d77559
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fab2268b774a43a72f155c8a4013d7ec2b68cad78901ac3ed3aa2c380edfcb8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46226B33708BC591DA208B19E5803EEA7A0FB98B84F544632DB8D87BAADF7DD455C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$CloseCriticalEnterHandleSection
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2649207071-0
                                                                                                                                                                                                    • Opcode ID: c33f4b02dd8f6b7dcacff032d374c0c5cdb63b6fa274afd2291ba177bfd6c425
                                                                                                                                                                                                    • Instruction ID: dfd2afc8b921e93fb591b7ddc34dac5f14ab28d3940164b77b8f378644aa8d42
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c33f4b02dd8f6b7dcacff032d374c0c5cdb63b6fa274afd2291ba177bfd6c425
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB418223E1CA52A6FB715B19D8003786EA1EB54B68F5A4B71DB5D933D3CF2CE8418310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                                                                    			E00007FF67FF6B0ACA270(void* __ebx, void* __ecx, long long __rbx, signed int __rdx, long long __rbp, void* __r8, signed long long __r9, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				intOrPtr _v136;
                                                                                                                                                                                                    				char _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				signed int _v168;
                                                                                                                                                                                                    				signed short _v170;
                                                                                                                                                                                                    				signed short _v172;
                                                                                                                                                                                                    				signed int _v174;
                                                                                                                                                                                                    				signed short _v176;
                                                                                                                                                                                                    				intOrPtr _v180;
                                                                                                                                                                                                    				intOrPtr _v184;
                                                                                                                                                                                                    				signed int _v200;
                                                                                                                                                                                                    				signed int _v208;
                                                                                                                                                                                                    				signed int _v216;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed long long _t106;
                                                                                                                                                                                                    				signed long long _t107;
                                                                                                                                                                                                    				signed long long _t110;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				signed long long _t173;
                                                                                                                                                                                                    				void* _t175;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t173 = __r9;
                                                                                                                                                                                                    				_t175 = _t161;
                                                                                                                                                                                                    				_v152 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t175 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t175 + 0x20)) = __rbp;
                                                                                                                                                                                                    				_t106 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t107 = _t106 ^ _t161 - 0x000000e0;
                                                                                                                                                                                                    				_v40 = _t107;
                                                                                                                                                                                                    				_t110 = __rdx;
                                                                                                                                                                                                    				_v160 = __rdx;
                                                                                                                                                                                                    				_t159 = _a40;
                                                                                                                                                                                                    				_v168 = 0;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x20)) = 7;
                                                                                                                                                                                                    				 *(__rdx + 0x18) = _t107;
                                                                                                                                                                                                    				 *((short*)(__rdx + 8)) = 0;
                                                                                                                                                                                                    				_v168 = 1;
                                                                                                                                                                                                    				_t13 = _t107 + 0x40; // 0x40
                                                                                                                                                                                                    				r8d = _t13;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(0, __ecx, 0, _t175 - 0x68, __rdx, __r8);
                                                                                                                                                                                                    				if ((sil & 0x00000001) == 0) goto 0xb0aca336;
                                                                                                                                                                                                    				r9d = r8d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA488C(L"[%d]", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000002) == 0) goto 0xb0aca3bb;
                                                                                                                                                                                                    				_v184 = 0;
                                                                                                                                                                                                    				_v180 = 0;
                                                                                                                                                                                                    				_v176 = 0;
                                                                                                                                                                                                    				_v172 = 0;
                                                                                                                                                                                                    				GetSystemTime(??);
                                                                                                                                                                                                    				r9d = _v176 & 0x0000ffff;
                                                                                                                                                                                                    				_v200 = _v170 & 0x0000ffff;
                                                                                                                                                                                                    				_v208 = _v172 & 0x0000ffff;
                                                                                                                                                                                                    				_v216 = _v174 & 0x0000ffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA488C(L"[%02d:%02d:%02d.%03d]", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000004) == 0) goto 0xb0aca40b;
                                                                                                                                                                                                    				r9d = GetCurrentThreadId();
                                                                                                                                                                                                    				E00007FF67FF6B0AA488C(L"[%06d] ", _t173);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(__rdx, __rdx,  &_v104,  &_v104, _t157, _a40,  !( &_v104 | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000008) == 0) goto 0xb0aca42f;
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				_t171 =  !(__rdx | 0xffffffff) - 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(__rdx, __rdx, _t159, _t159, _t157, _t159,  !(__rdx | 0xffffffff) - 1);
                                                                                                                                                                                                    				if ((sil & 0x00000020) == 0) goto 0xb0aca499;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(__rdx, __rdx, "(", _t159, _t157, _t159,  !(__rdx | 0xffffffff) - 1);
                                                                                                                                                                                                    				E00007FF67FF6B0ACACF0(__ebx, _a56, sil & 0x00000020, __rdx,  &_v144, _t159, _t173, _a48);
                                                                                                                                                                                                    				r8d = r8d ^ r8d;
                                                                                                                                                                                                    				E00007FF67FF6B0A95250(_t110, _t110, _t107, _t159, _t157, _t159, _t171, _t173 | 0xffffffff);
                                                                                                                                                                                                    				if (_v112 - 8 < 0) goto 0xb0aca484;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t107, _t110, _v136, _t107, _t157, _t171, _t173 | 0xffffffff);
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(_t110, _t110, ")", _t159, _t157, _t159, _t171);
                                                                                                                                                                                                    				if ((sil & 0x00000010) == 0) goto 0xb0aca4d2;
                                                                                                                                                                                                    				r8d = 3;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(_t110, _t110, L" : ", _t159, _t157, _t159, _t171);
                                                                                                                                                                                                    				asm("repne scasw");
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(_t110, _t110, _a48, _a48, _t157, _t159,  !(_t110 | 0xffffffff) - 1);
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(_t110, _t110, " ", _a48, _t157, _t159,  !(_t110 | 0xffffffff) - 1);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_v174 & 0x0000ffff, _v40 ^ _t161 - 0x000000e0, " ",  !(_t110 | 0xffffffff) - 1, _t173 | 0xffffffff);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf$CurrentSystemThreadTime
                                                                                                                                                                                                    • String ID: : $[%02d:%02d:%02d.%03d]$[%06d] $[%d]
                                                                                                                                                                                                    • API String ID: 4294719311-3835557347
                                                                                                                                                                                                    • Opcode ID: edd22a6c2a58dc5b7b6573fc0000327affbe386b199eabaa2583348143a99127
                                                                                                                                                                                                    • Instruction ID: d63b6d0eb37050f0301b3f71c5b8d357e38ddaa1e86bddbcbe88eaac4a2ce637
                                                                                                                                                                                                    • Opcode Fuzzy Hash: edd22a6c2a58dc5b7b6573fc0000327affbe386b199eabaa2583348143a99127
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB618A32618681A5E7609B69E8047EA76A0FB85BA4F501732EB6D83BD6DF3DD040C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF67FF6B0A9EF30(char __ebx, void* __ecx, long long __rbx, void* __rcx, long long __rbp, void* __r9) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				long long _v96;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v112;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				signed char _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				long long _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				signed char _t142;
                                                                                                                                                                                                    				void* _t146;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				void* _t258;
                                                                                                                                                                                                    				signed long long _t259;
                                                                                                                                                                                                    				intOrPtr* _t261;
                                                                                                                                                                                                    				intOrPtr* _t262;
                                                                                                                                                                                                    				long long _t324;
                                                                                                                                                                                                    				char* _t326;
                                                                                                                                                                                                    				void* _t329;
                                                                                                                                                                                                    				char* _t331;
                                                                                                                                                                                                    				char* _t333;
                                                                                                                                                                                                    				void* _t334;
                                                                                                                                                                                                    				void* _t335;
                                                                                                                                                                                                    				intOrPtr* _t340;
                                                                                                                                                                                                    				intOrPtr _t356;
                                                                                                                                                                                                    				char _t360;
                                                                                                                                                                                                    				long long _t378;
                                                                                                                                                                                                    				char _t385;
                                                                                                                                                                                                    				char _t387;
                                                                                                                                                                                                    				char _t389;
                                                                                                                                                                                                    				void* _t397;
                                                                                                                                                                                                    				char* _t399;
                                                                                                                                                                                                    				char* _t401;
                                                                                                                                                                                                    				void* _t402;
                                                                                                                                                                                                    				void* _t406;
                                                                                                                                                                                                    				void* _t409;
                                                                                                                                                                                                    				char _t411;
                                                                                                                                                                                                    				char _t413;
                                                                                                                                                                                                    				long long _t426;
                                                                                                                                                                                                    				long long _t432;
                                                                                                                                                                                                    				signed long long _t434;
                                                                                                                                                                                                    				long long _t437;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t323 = __rbx;
                                                                                                                                                                                                    				_t258 = _t406;
                                                                                                                                                                                                    				_v96 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t258 + 0x18)) = __rbp;
                                                                                                                                                                                                    				_t259 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v48 = _t259 ^ _t406 - 0x00000090;
                                                                                                                                                                                                    				_t402 = __rcx;
                                                                                                                                                                                                    				_t261 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				if ( *_t261 == 0) goto 0xb0a9ef9c;
                                                                                                                                                                                                    				_t262 =  *((intOrPtr*)(__rcx + 0x58));
                                                                                                                                                                                                    				if ( *_t261 -  *_t262 +  *_t261 >= 0) goto 0xb0a9ef9c;
                                                                                                                                                                                                    				 *_t262 =  *_t262 - 1;
                                                                                                                                                                                                    				_t340 =  *((intOrPtr*)(__rcx + 0x40));
                                                                                                                                                                                                    				_t369 =  *_t340;
                                                                                                                                                                                                    				 *_t340 =  *_t340 + 1;
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				_t341 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x88)) != 0) goto 0xb0a9efb0;
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) != 0) goto 0xb0a9efd3;
                                                                                                                                                                                                    				_t142 = E00007FF67FF6B0AA6DD4( *_t340 + 1, __rbx,  *((intOrPtr*)(__rcx + 0x88)), _t369, _t409);
                                                                                                                                                                                                    				if (_t142 == 0xffffffff) goto 0xb0a9efc7;
                                                                                                                                                                                                    				r12d = _t142 & 0x000000ff;
                                                                                                                                                                                                    				goto 0xb0a9efcb;
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				_v56 = 0xf;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_v64 = _t437;
                                                                                                                                                                                                    				_v80 = r14b;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA6DD4( *_t340 + 1, _t323, _t341, _t369, _t409) == r12d) goto 0xb0a9f52a;
                                                                                                                                                                                                    				if ((_t434 | 0xffffffffffffffff) - _v64 - 1 > 0) goto 0xb0a9f01b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC( *_t340 + 1, _t323, _t397, __rbp, _t409, __r9);
                                                                                                                                                                                                    				_t324 = _v64 + 1;
                                                                                                                                                                                                    				if (_t324 - 0xfffffffe <= 0) goto 0xb0a9f02f;
                                                                                                                                                                                                    				_t146 = E00007FF67FF6B0AA33CC( *_t340 + 1, _t324, _t397, __rbp, _t409, __r9);
                                                                                                                                                                                                    				if (_v56 - _t324 >= 0) goto 0xb0a9f05b;
                                                                                                                                                                                                    				E00007FF67FF6B0A92250(_t146,  &_v88, _t324, _v64);
                                                                                                                                                                                                    				goto 0xb0a9f085;
                                                                                                                                                                                                    				if (_t324 != 0) goto 0xb0a9f085;
                                                                                                                                                                                                    				_v64 = _t437;
                                                                                                                                                                                                    				_t265 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)( >=  ? _v80 :  &_v80)) = __ebx;
                                                                                                                                                                                                    				goto 0xb0a9f0c7;
                                                                                                                                                                                                    				if (_t324 == 0) goto 0xb0a9f0c7;
                                                                                                                                                                                                    				_t267 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((intOrPtr*)(( >=  ? _v80 :  &_v80) + _v64)) = dil;
                                                                                                                                                                                                    				_v64 = _t324;
                                                                                                                                                                                                    				_t269 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _v80 :  &_v80) + _t324)) = 0;
                                                                                                                                                                                                    				_t411 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f0dc;
                                                                                                                                                                                                    				if (_t411 == 0) goto 0xb0a9f108;
                                                                                                                                                                                                    				goto 0xb0a9f0e1;
                                                                                                                                                                                                    				_t399 =  &_v80;
                                                                                                                                                                                                    				_t271 =  >=  ? _t411 :  &_v80;
                                                                                                                                                                                                    				_t198 = ( >=  ? _t411 :  &_v80) - _t399;
                                                                                                                                                                                                    				if (( >=  ? _t411 :  &_v80) - _t399 > 0) goto 0xb0a9f108;
                                                                                                                                                                                                    				_t273 =  >=  ? _t411 :  &_v80;
                                                                                                                                                                                                    				_t274 = ( >=  ? _t411 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t200 = _t399 - ( >=  ? _t411 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t399 - ( >=  ? _t411 :  &_v80) + _v64 <= 0) goto 0xb0a9f11f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0xb0a9f156;
                                                                                                                                                                                                    				_t277 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t278 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t203 = _t399 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t399 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0xb0a9f156;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t378 = _v64;
                                                                                                                                                                                                    				_t413 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f169;
                                                                                                                                                                                                    				if (_t413 == 0) goto 0xb0a9f195;
                                                                                                                                                                                                    				goto 0xb0a9f16e;
                                                                                                                                                                                                    				_t326 =  &_v80;
                                                                                                                                                                                                    				_t280 =  >=  ? _t413 :  &_v80;
                                                                                                                                                                                                    				_t207 = ( >=  ? _t413 :  &_v80) - _t326;
                                                                                                                                                                                                    				if (( >=  ? _t413 :  &_v80) - _t326 > 0) goto 0xb0a9f195;
                                                                                                                                                                                                    				_t282 =  >=  ? _t413 :  &_v80;
                                                                                                                                                                                                    				_t283 = ( >=  ? _t413 :  &_v80) + _t378;
                                                                                                                                                                                                    				_t209 = _t326 - ( >=  ? _t413 :  &_v80) + _t378;
                                                                                                                                                                                                    				if (_t326 - ( >=  ? _t413 :  &_v80) + _t378 <= 0) goto 0xb0a9f1ac;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0xb0a9f1d1;
                                                                                                                                                                                                    				_t286 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t287 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t212 = _t326 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t326 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0xb0a9f1d1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v128 =  &_v104;
                                                                                                                                                                                                    				_v136 =  &_v119;
                                                                                                                                                                                                    				_v144 =  &_v120;
                                                                                                                                                                                                    				_v152 =  &_v112;
                                                                                                                                                                                                    				_t152 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t402 + 0x70)))) + 0x20))();
                                                                                                                                                                                                    				if (_t152 < 0) goto 0xb0a9f510;
                                                                                                                                                                                                    				if (_t152 - 1 <= 0) goto 0xb0a9f238;
                                                                                                                                                                                                    				if (_t152 != 3) goto 0xb0a9f510;
                                                                                                                                                                                                    				if (_v64 - 1 >= 0) goto 0xb0a9f363;
                                                                                                                                                                                                    				goto 0xb0a9f347;
                                                                                                                                                                                                    				if (_v104 !=  &_v120) goto 0xb0a9f41f;
                                                                                                                                                                                                    				_t385 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f265;
                                                                                                                                                                                                    				if (_t385 == 0) goto 0xb0a9f296;
                                                                                                                                                                                                    				goto 0xb0a9f26a;
                                                                                                                                                                                                    				_t401 =  &_v80;
                                                                                                                                                                                                    				_t291 =  >=  ? _t385 :  &_v80;
                                                                                                                                                                                                    				_t221 = ( >=  ? _t385 :  &_v80) - _t401;
                                                                                                                                                                                                    				if (( >=  ? _t385 :  &_v80) - _t401 > 0) goto 0xb0a9f296;
                                                                                                                                                                                                    				_t293 =  >=  ? _t385 :  &_v80;
                                                                                                                                                                                                    				_t294 = ( >=  ? _t385 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t223 = _t401 - ( >=  ? _t385 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t401 - ( >=  ? _t385 :  &_v80) + _v64 <= 0) goto 0xb0a9f2ad;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0xb0a9f2e4;
                                                                                                                                                                                                    				_t297 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t298 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t226 = _t401 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t401 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0xb0a9f2e4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t426 = _v64;
                                                                                                                                                                                                    				_t387 = _v80;
                                                                                                                                                                                                    				_t329 =  <  ? _t426 : _v112 - _t401;
                                                                                                                                                                                                    				if (_t329 == 0) goto 0xb0a9f347;
                                                                                                                                                                                                    				_t300 =  >=  ? _t387 :  &_v80;
                                                                                                                                                                                                    				_t355 =  >=  ? _t387 :  &_v80;
                                                                                                                                                                                                    				_t427 = _t426 - _t329;
                                                                                                                                                                                                    				_t416 = _t329 + ( >=  ? _t387 :  &_v80);
                                                                                                                                                                                                    				E00007FF67FF6B0AA4070( >=  ? _t387 :  &_v80, _v56, _t329 + ( >=  ? _t387 :  &_v80), _t426 - _t329);
                                                                                                                                                                                                    				_t432 = _v64 - _t329;
                                                                                                                                                                                                    				_v64 = _t432;
                                                                                                                                                                                                    				_t302 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				 *((char*)(_t432 + ( >=  ? _v80 :  &_v80))) = 0;
                                                                                                                                                                                                    				_t356 =  *((intOrPtr*)(_t402 + 0x88));
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA6DD4( >=  ? _v80 :  &_v80, _t329, _t356, _v56, _t329 + ( >=  ? _t387 :  &_v80)) == 0xffffffff) goto 0xb0a9f52a;
                                                                                                                                                                                                    				goto 0xb0a9f000;
                                                                                                                                                                                                    				_t389 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f380;
                                                                                                                                                                                                    				if (_t389 == 0) goto 0xb0a9f3ac;
                                                                                                                                                                                                    				goto 0xb0a9f385;
                                                                                                                                                                                                    				_t331 =  &_v80;
                                                                                                                                                                                                    				_t304 =  >=  ? _t389 :  &_v80;
                                                                                                                                                                                                    				_t236 = ( >=  ? _t389 :  &_v80) - _t331;
                                                                                                                                                                                                    				if (( >=  ? _t389 :  &_v80) - _t331 > 0) goto 0xb0a9f3ac;
                                                                                                                                                                                                    				_t306 =  >=  ? _t389 :  &_v80;
                                                                                                                                                                                                    				_t307 = ( >=  ? _t389 :  &_v80) + _t356;
                                                                                                                                                                                                    				_t238 = _t331 - ( >=  ? _t389 :  &_v80) + _t356;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _t389 :  &_v80) + _t356 <= 0) goto 0xb0a9f3c3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0xb0a9f3e8;
                                                                                                                                                                                                    				_t310 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t311 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t241 = _t331 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0xb0a9f3e8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r9d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44E0(( >=  ? _v80 :  &_v80) + _v64, _t331,  &_v120, _t426 - _t329, _t402, _t331, _t426 - _t329);
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f418;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(( >=  ? _v80 :  &_v80) + _v64, _t331, _v80, _t426 - _t329, _t402, _t331, _t427);
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				_t360 = _v80;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f43c;
                                                                                                                                                                                                    				if (_t360 == 0) goto 0xb0a9f46d;
                                                                                                                                                                                                    				goto 0xb0a9f441;
                                                                                                                                                                                                    				_t333 =  &_v80;
                                                                                                                                                                                                    				_t313 =  >=  ? _t360 :  &_v80;
                                                                                                                                                                                                    				_t246 = ( >=  ? _t360 :  &_v80) - _t333;
                                                                                                                                                                                                    				if (( >=  ? _t360 :  &_v80) - _t333 > 0) goto 0xb0a9f46d;
                                                                                                                                                                                                    				_t315 =  >=  ? _t360 :  &_v80;
                                                                                                                                                                                                    				_t316 = ( >=  ? _t360 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t248 = _t333 - ( >=  ? _t360 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t333 - ( >=  ? _t360 :  &_v80) + _v64 <= 0) goto 0xb0a9f484;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v88 == 0xfffffffc) goto 0xb0a9f4b6;
                                                                                                                                                                                                    				_t319 =  >=  ? _v80 :  &_v80;
                                                                                                                                                                                                    				_t320 = ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				_t251 = _t333 - ( >=  ? _v80 :  &_v80) + _v64;
                                                                                                                                                                                                    				if (_t333 - ( >=  ? _v80 :  &_v80) + _v64 < 0) goto 0xb0a9f4b6;
                                                                                                                                                                                                    				_t334 = (_v120 & 0x000000ff) - E00007FF67FF6B0AA44B8() + _v64;
                                                                                                                                                                                                    				if (_t334 <= 0) goto 0xb0a9f4fc;
                                                                                                                                                                                                    				_t335 = _t334 - 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA6B00( *((char*)(_t335 + _v112)), _v112, _t335, _v80,  *((intOrPtr*)(_t402 + 0x88)), _t402, _t378);
                                                                                                                                                                                                    				if (_t335 <= 0) goto 0xb0a9f4ef;
                                                                                                                                                                                                    				goto 0xb0a9f4d0;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f50c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f525;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				goto 0xb0a9f542;
                                                                                                                                                                                                    				if (_v56 - 0x10 < 0) goto 0xb0a9f53f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v112, _t335, _v80, _v56, _t402, _v64, _t427);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050( *((char*)(_t335 + _v112)), _v48 ^ _t406 - 0x00000090, _v56, _v64, _t427);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0a9ef91
                                                                                                                                                                                                    0x7ff6b0a9ef97
                                                                                                                                                                                                    0x7ff6b0a9ef9c
                                                                                                                                                                                                    0x7ff6b0a9efa6
                                                                                                                                                                                                    0x7ff6b0a9efab
                                                                                                                                                                                                    0x7ff6b0a9efb5
                                                                                                                                                                                                    0x7ff6b0a9efb7
                                                                                                                                                                                                    0x7ff6b0a9efbf
                                                                                                                                                                                                    0x7ff6b0a9efc1
                                                                                                                                                                                                    0x7ff6b0a9efc5
                                                                                                                                                                                                    0x7ff6b0a9efce
                                                                                                                                                                                                    0x7ff6b0a9efd3
                                                                                                                                                                                                    0x7ff6b0a9efdf
                                                                                                                                                                                                    0x7ff6b0a9efe2
                                                                                                                                                                                                    0x7ff6b0a9efe7
                                                                                                                                                                                                    0x7ff6b0a9effa
                                                                                                                                                                                                    0x7ff6b0a9f00f
                                                                                                                                                                                                    0x7ff6b0a9f011
                                                                                                                                                                                                    0x7ff6b0a9f01b
                                                                                                                                                                                                    0x7ff6b0a9f023
                                                                                                                                                                                                    0x7ff6b0a9f025
                                                                                                                                                                                                    0x7ff6b0a9f03a
                                                                                                                                                                                                    0x7ff6b0a9f047
                                                                                                                                                                                                    0x7ff6b0a9f059
                                                                                                                                                                                                    0x7ff6b0a9f05e
                                                                                                                                                                                                    0x7ff6b0a9f060
                                                                                                                                                                                                    0x7ff6b0a9f06e
                                                                                                                                                                                                    0x7ff6b0a9f074
                                                                                                                                                                                                    0x7ff6b0a9f083
                                                                                                                                                                                                    0x7ff6b0a9f088
                                                                                                                                                                                                    0x7ff6b0a9f093
                                                                                                                                                                                                    0x7ff6b0a9f099
                                                                                                                                                                                                    0x7ff6b0a9f09d
                                                                                                                                                                                                    0x7ff6b0a9f0b0
                                                                                                                                                                                                    0x7ff6b0a9f0b6
                                                                                                                                                                                                    0x7ff6b0a9f0c7
                                                                                                                                                                                                    0x7ff6b0a9f0d0
                                                                                                                                                                                                    0x7ff6b0a9f0d8
                                                                                                                                                                                                    0x7ff6b0a9f0da
                                                                                                                                                                                                    0x7ff6b0a9f0dc
                                                                                                                                                                                                    0x7ff6b0a9f0ea
                                                                                                                                                                                                    0x7ff6b0a9f0ee
                                                                                                                                                                                                    0x7ff6b0a9f0f1
                                                                                                                                                                                                    0x7ff6b0a9f0fc
                                                                                                                                                                                                    0x7ff6b0a9f100
                                                                                                                                                                                                    0x7ff6b0a9f103
                                                                                                                                                                                                    0x7ff6b0a9f106
                                                                                                                                                                                                    0x7ff6b0a9f108
                                                                                                                                                                                                    0x7ff6b0a9f128
                                                                                                                                                                                                    0x7ff6b0a9f133
                                                                                                                                                                                                    0x7ff6b0a9f137
                                                                                                                                                                                                    0x7ff6b0a9f13a
                                                                                                                                                                                                    0x7ff6b0a9f13d
                                                                                                                                                                                                    0x7ff6b0a9f13f
                                                                                                                                                                                                    0x7ff6b0a9f14c
                                                                                                                                                                                                    0x7ff6b0a9f151
                                                                                                                                                                                                    0x7ff6b0a9f15d
                                                                                                                                                                                                    0x7ff6b0a9f165
                                                                                                                                                                                                    0x7ff6b0a9f167
                                                                                                                                                                                                    0x7ff6b0a9f169
                                                                                                                                                                                                    0x7ff6b0a9f177
                                                                                                                                                                                                    0x7ff6b0a9f17b
                                                                                                                                                                                                    0x7ff6b0a9f17e
                                                                                                                                                                                                    0x7ff6b0a9f189
                                                                                                                                                                                                    0x7ff6b0a9f18d
                                                                                                                                                                                                    0x7ff6b0a9f190
                                                                                                                                                                                                    0x7ff6b0a9f193
                                                                                                                                                                                                    0x7ff6b0a9f195
                                                                                                                                                                                                    0x7ff6b0a9f1b5
                                                                                                                                                                                                    0x7ff6b0a9f1c0
                                                                                                                                                                                                    0x7ff6b0a9f1c4
                                                                                                                                                                                                    0x7ff6b0a9f1c7
                                                                                                                                                                                                    0x7ff6b0a9f1ca
                                                                                                                                                                                                    0x7ff6b0a9f1cc
                                                                                                                                                                                                    0x7ff6b0a9f1e1
                                                                                                                                                                                                    0x7ff6b0a9f1eb
                                                                                                                                                                                                    0x7ff6b0a9f1f5
                                                                                                                                                                                                    0x7ff6b0a9f1ff
                                                                                                                                                                                                    0x7ff6b0a9f20b
                                                                                                                                                                                                    0x7ff6b0a9f210
                                                                                                                                                                                                    0x7ff6b0a9f219
                                                                                                                                                                                                    0x7ff6b0a9f21e
                                                                                                                                                                                                    0x7ff6b0a9f22d
                                                                                                                                                                                                    0x7ff6b0a9f233
                                                                                                                                                                                                    0x7ff6b0a9f242
                                                                                                                                                                                                    0x7ff6b0a9f248
                                                                                                                                                                                                    0x7ff6b0a9f259
                                                                                                                                                                                                    0x7ff6b0a9f261
                                                                                                                                                                                                    0x7ff6b0a9f263
                                                                                                                                                                                                    0x7ff6b0a9f265
                                                                                                                                                                                                    0x7ff6b0a9f273
                                                                                                                                                                                                    0x7ff6b0a9f277
                                                                                                                                                                                                    0x7ff6b0a9f27a
                                                                                                                                                                                                    0x7ff6b0a9f285
                                                                                                                                                                                                    0x7ff6b0a9f28e
                                                                                                                                                                                                    0x7ff6b0a9f291
                                                                                                                                                                                                    0x7ff6b0a9f294
                                                                                                                                                                                                    0x7ff6b0a9f296
                                                                                                                                                                                                    0x7ff6b0a9f2b6
                                                                                                                                                                                                    0x7ff6b0a9f2c1
                                                                                                                                                                                                    0x7ff6b0a9f2c5
                                                                                                                                                                                                    0x7ff6b0a9f2c8
                                                                                                                                                                                                    0x7ff6b0a9f2cb
                                                                                                                                                                                                    0x7ff6b0a9f2cd
                                                                                                                                                                                                    0x7ff6b0a9f2da
                                                                                                                                                                                                    0x7ff6b0a9f2df
                                                                                                                                                                                                    0x7ff6b0a9f2ef
                                                                                                                                                                                                    0x7ff6b0a9f2f6
                                                                                                                                                                                                    0x7ff6b0a9f301
                                                                                                                                                                                                    0x7ff6b0a9f30e
                                                                                                                                                                                                    0x7ff6b0a9f312
                                                                                                                                                                                                    0x7ff6b0a9f315
                                                                                                                                                                                                    0x7ff6b0a9f31c
                                                                                                                                                                                                    0x7ff6b0a9f326
                                                                                                                                                                                                    0x7ff6b0a9f329
                                                                                                                                                                                                    0x7ff6b0a9f33c
                                                                                                                                                                                                    0x7ff6b0a9f342
                                                                                                                                                                                                    0x7ff6b0a9f347
                                                                                                                                                                                                    0x7ff6b0a9f358
                                                                                                                                                                                                    0x7ff6b0a9f35e
                                                                                                                                                                                                    0x7ff6b0a9f363
                                                                                                                                                                                                    0x7ff6b0a9f374
                                                                                                                                                                                                    0x7ff6b0a9f37c
                                                                                                                                                                                                    0x7ff6b0a9f37e
                                                                                                                                                                                                    0x7ff6b0a9f380
                                                                                                                                                                                                    0x7ff6b0a9f38e
                                                                                                                                                                                                    0x7ff6b0a9f392
                                                                                                                                                                                                    0x7ff6b0a9f395
                                                                                                                                                                                                    0x7ff6b0a9f3a0
                                                                                                                                                                                                    0x7ff6b0a9f3a4
                                                                                                                                                                                                    0x7ff6b0a9f3a7
                                                                                                                                                                                                    0x7ff6b0a9f3aa
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4881c8078162d35f82bba43f03a585fc8a805b2fb2cb09d7df4f1abe047ead2c
                                                                                                                                                                                                    • Instruction ID: 853e4257066e0313f5adf34aca05214a568249f22bcb619f7234391c36af3718
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4881c8078162d35f82bba43f03a585fc8a805b2fb2cb09d7df4f1abe047ead2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F026763708B4195EE108B5DE0502AE6B61FB847D0F944A32EB9D87BE7DF2DE485CB40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                                                                    			E00007FF67FF6B0AA7934(signed long long __rbx, long long __rcx, long long __rsi, long long __rbp) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				signed int _v48;
                                                                                                                                                                                                    				char _v65;
                                                                                                                                                                                                    				intOrPtr _v66;
                                                                                                                                                                                                    				signed short _v72;
                                                                                                                                                                                                    				signed long long _v96;
                                                                                                                                                                                                    				signed int _v104;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                    				signed int _t130;
                                                                                                                                                                                                    				signed int _t135;
                                                                                                                                                                                                    				void* _t137;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				signed long long _t168;
                                                                                                                                                                                                    				intOrPtr* _t169;
                                                                                                                                                                                                    				signed int _t170;
                                                                                                                                                                                                    				long long _t172;
                                                                                                                                                                                                    				signed long long _t180;
                                                                                                                                                                                                    				signed char* _t189;
                                                                                                                                                                                                    				signed char* _t194;
                                                                                                                                                                                                    				signed long long _t211;
                                                                                                                                                                                                    				void* _t214;
                                                                                                                                                                                                    				int _t222;
                                                                                                                                                                                                    				long long _t223;
                                                                                                                                                                                                    				long long _t225;
                                                                                                                                                                                                    				intOrPtr* _t228;
                                                                                                                                                                                                    				long long _t229;
                                                                                                                                                                                                    				void* _t231;
                                                                                                                                                                                                    				void* _t234;
                                                                                                                                                                                                    				void* _t236;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				void* _t241;
                                                                                                                                                                                                    				signed long long _t242;
                                                                                                                                                                                                    				signed long long _t243;
                                                                                                                                                                                                    				void* _t245;
                                                                                                                                                                                                    				signed long long _t247;
                                                                                                                                                                                                    				void* _t249;
                                                                                                                                                                                                    				signed long long _t251;
                                                                                                                                                                                                    				void* _t253;
                                                                                                                                                                                                    				signed long long _t255;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t225 = __rsi;
                                                                                                                                                                                                    				_t180 = __rbx;
                                                                                                                                                                                                    				_t239 = _t231;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t239 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t167 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_t168 = _t167 ^ _t231 - 0x00000090;
                                                                                                                                                                                                    				_v48 = _t168;
                                                                                                                                                                                                    				_t223 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t239 - 0x58)) = __rcx;
                                                                                                                                                                                                    				_v96 = __rbx;
                                                                                                                                                                                                    				_t242 = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t239 - 0x50)) = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x14)) == 0) goto 0xb0aa7cd0;
                                                                                                                                                                                                    				_t228 = __rcx + 4;
                                                                                                                                                                                                    				_t10 = _t180 + 1; // 0x1
                                                                                                                                                                                                    				_t137 = _t10;
                                                                                                                                                                                                    				if ( *_t228 != 0) goto 0xb0aa79bb;
                                                                                                                                                                                                    				r8d =  *(__rcx + 0x30) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0x1004;
                                                                                                                                                                                                    				_v152 = _t228;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAFB68(0, 0, __rbx, _t239 - 0x58, _t234) != 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(_t139, _t168, __rbx, _t239 - 0x58, __rsi, _t228);
                                                                                                                                                                                                    				r12d = 0x180;
                                                                                                                                                                                                    				_v96 = _t168;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t180, _t242, _t214, _t223, _t225, _t228, _t253, _t249);
                                                                                                                                                                                                    				_t247 = _t168;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t180, _t242, _t225, _t223, _t225, _t228, _t245, _t241);
                                                                                                                                                                                                    				_t255 = _t168;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t180, _t242, _t225, _t223, _t225, _t228);
                                                                                                                                                                                                    				_t251 = _t168;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t180, _t242, _t225, _t223, _t225, _t228);
                                                                                                                                                                                                    				_t243 = _t168;
                                                                                                                                                                                                    				_t169 = _v96;
                                                                                                                                                                                                    				if (_t169 == _t180) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				if (_t247 == _t180) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				if (_t243 == _t180) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				if (_t255 == _t180) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				if (_t251 == _t180) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				 *_t169 = 0;
                                                                                                                                                                                                    				 *_t243 = 0;
                                                                                                                                                                                                    				if (0 + _t137 - 0x100 < 0) goto 0xb0aa7a45;
                                                                                                                                                                                                    				if (GetCPInfo(_t222) == 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				if (_v72 - 5 > 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				_t102 = _v72 & 0x0000ffff;
                                                                                                                                                                                                    				_v104 = _t102;
                                                                                                                                                                                                    				if (_t102 - _t137 <= 0) goto 0xb0aa7ab0;
                                                                                                                                                                                                    				if (_v66 == 0) goto 0xb0aa7ab0;
                                                                                                                                                                                                    				_t22 =  &_v65; // 0x1f7
                                                                                                                                                                                                    				_t189 = _t22;
                                                                                                                                                                                                    				if ( *_t189 == 0) goto 0xb0aa7ab0;
                                                                                                                                                                                                    				_t130 =  *(_t189 - 1) & 0x000000ff;
                                                                                                                                                                                                    				goto 0xb0aa7aa0;
                                                                                                                                                                                                    				_t170 = _t130;
                                                                                                                                                                                                    				 *((char*)(_t170 + _t243)) = 0x20;
                                                                                                                                                                                                    				if (_t130 + _t137 - ( *_t189 & 0x000000ff) <= 0) goto 0xb0aa7a96;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( &(_t189[2]) - 1)) != 0) goto 0xb0aa7a8c;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				_t27 = _t247 + 0x100; // 0x100
                                                                                                                                                                                                    				_v136 = 0;
                                                                                                                                                                                                    				_v144 =  *_t228;
                                                                                                                                                                                                    				_v152 = _t27;
                                                                                                                                                                                                    				r9d = 0x100;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB2858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236) == 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				_v120 = 0;
                                                                                                                                                                                                    				_v128 =  *_t228;
                                                                                                                                                                                                    				_t34 = _t255 + 0x81; // 0x81
                                                                                                                                                                                                    				_v136 = 0xff;
                                                                                                                                                                                                    				_v144 = _t34;
                                                                                                                                                                                                    				_t37 = _t170 + 1; // 0x100
                                                                                                                                                                                                    				r8d = _t37;
                                                                                                                                                                                                    				_t38 = _t243 + 1; // 0x1
                                                                                                                                                                                                    				_v152 = 0xff;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAAC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF67FF6B0AB2858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236), _t170, _t180, _t34, _t225, _t243, _t38) == 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				_v120 = 0;
                                                                                                                                                                                                    				_v128 =  *_t228;
                                                                                                                                                                                                    				_t43 = _t251 + 0x81; // 0x81
                                                                                                                                                                                                    				_v136 = 0xff;
                                                                                                                                                                                                    				_v144 = _t43;
                                                                                                                                                                                                    				_t46 = _t243 + 1; // 0x1
                                                                                                                                                                                                    				r8d = 0x200;
                                                                                                                                                                                                    				_v152 = 0xff;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAAC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF67FF6B0AAAC68(0,  *((intOrPtr*)(_t223 + 0x14)), E00007FF67FF6B0AB2858(_t137,  *((intOrPtr*)( &(_t189[2]) - 1)), _t170, _t180, _t27, _t225, _t243, _t236), _t170, _t180, _t34, _t225, _t243, _t38), _t170, _t180, _t43, _t225, _t243, _t46) == 0) goto 0xb0aa7ca0;
                                                                                                                                                                                                    				_t49 = _t247 + 0xfe; // 0xfe
                                                                                                                                                                                                    				_t229 = _t49;
                                                                                                                                                                                                    				 *_t229 = 0;
                                                                                                                                                                                                    				 *((char*)(_t255 + 0x7f)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t251 + 0x7f)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t255 + 0x80)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t251 + 0x80)) = 0;
                                                                                                                                                                                                    				if (_v104 - _t137 <= 0) goto 0xb0aa7bc5;
                                                                                                                                                                                                    				if (_v66 == 0) goto 0xb0aa7bc5;
                                                                                                                                                                                                    				_t55 =  &_v65; // 0x1f7
                                                                                                                                                                                                    				_t194 = _t55;
                                                                                                                                                                                                    				if ( *_t194 == 0) goto 0xb0aa7bc5;
                                                                                                                                                                                                    				_t135 =  *(_t194 - 1) & 0x000000ff;
                                                                                                                                                                                                    				goto 0xb0aa7bb5;
                                                                                                                                                                                                    				r8d = 0x8000;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t247 + 0x100 + _t135 * 2)) = r8w;
                                                                                                                                                                                                    				if (_t135 + _t137 - ( *_t194 & 0x000000ff) <= 0) goto 0xb0aa7ba1;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( &(_t194[2]) - 1)) != 0) goto 0xb0aa7b97;
                                                                                                                                                                                                    				_t61 = _t247 + 0x200; // 0x200
                                                                                                                                                                                                    				r8d = 0xfe;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t247, _t61, _t243);
                                                                                                                                                                                                    				_t62 = _t255 + 0x100; // 0x100
                                                                                                                                                                                                    				r8d = 0x7f;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t255, _t62, _t243);
                                                                                                                                                                                                    				_t63 = _t251 + 0x100; // 0x100
                                                                                                                                                                                                    				r8d = 0x7f;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0,  *((intOrPtr*)( &(_t194[2]) - 1)), _t251, _t63, _t243);
                                                                                                                                                                                                    				_t164 =  *((intOrPtr*)(_t223 + 0x130)) - _t180;
                                                                                                                                                                                                    				if (_t164 == 0) goto 0xb0aa7c55;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t164 != 0) goto 0xb0aa7c55;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t172 = _v96;
                                                                                                                                                                                                    				 *_t172 = _t137;
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x130)) = _t172;
                                                                                                                                                                                                    				_t71 = _t247 + 0x100; // 0x100
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x140)) = _t71;
                                                                                                                                                                                                    				_t73 = _t255 + 0x80; // 0x80
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x138)) = _t229;
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x148)) = _t73;
                                                                                                                                                                                                    				_t76 = _t251 + 0x80; // 0x80
                                                                                                                                                                                                    				 *((long long*)(_t223 + 0x150)) = _t76;
                                                                                                                                                                                                    				 *(_t223 + 0x10c) = _v104;
                                                                                                                                                                                                    				goto 0xb0aa7cc4;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				_t211 = _t243;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0xb0aa7d25;
                                                                                                                                                                                                    				if ( *(_t211 + 0x130) == _t180) goto 0xb0aa7ce0;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				 *(_t211 + 0x130) = _t180;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x140)) = 0xb0ad0ed0;
                                                                                                                                                                                                    				 *(_t211 + 0x138) = _t180;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x148)) = 0xb0ad1360;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t211 + 0x10c)) = 1;
                                                                                                                                                                                                    				 *((long long*)(_t211 + 0x150)) = 0xb0ad14e0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(0, _v48 ^ _t231 - 0x00000090, _t63, _t243, _t46);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0aa7a3e
                                                                                                                                                                                                    0x7ff6b0aa7a45
                                                                                                                                                                                                    0x7ff6b0aa7a51
                                                                                                                                                                                                    0x7ff6b0aa7a63
                                                                                                                                                                                                    0x7ff6b0aa7a6e
                                                                                                                                                                                                    0x7ff6b0aa7a74
                                                                                                                                                                                                    0x7ff6b0aa7a7b
                                                                                                                                                                                                    0x7ff6b0aa7a7f
                                                                                                                                                                                                    0x7ff6b0aa7a85
                                                                                                                                                                                                    0x7ff6b0aa7a87
                                                                                                                                                                                                    0x7ff6b0aa7a87
                                                                                                                                                                                                    0x7ff6b0aa7a8e
                                                                                                                                                                                                    0x7ff6b0aa7a90
                                                                                                                                                                                                    0x7ff6b0aa7a94
                                                                                                                                                                                                    0x7ff6b0aa7a96
                                                                                                                                                                                                    0x7ff6b0aa7a9b
                                                                                                                                                                                                    0x7ff6b0aa7aa5
                                                                                                                                                                                                    0x7ff6b0aa7aae
                                                                                                                                                                                                    0x7ff6b0aa7ab3
                                                                                                                                                                                                    0x7ff6b0aa7ab7
                                                                                                                                                                                                    0x7ff6b0aa7abe
                                                                                                                                                                                                    0x7ff6b0aa7ac2
                                                                                                                                                                                                    0x7ff6b0aa7ac6
                                                                                                                                                                                                    0x7ff6b0aa7acd
                                                                                                                                                                                                    0x7ff6b0aa7adf
                                                                                                                                                                                                    0x7ff6b0aa7aeb
                                                                                                                                                                                                    0x7ff6b0aa7aef
                                                                                                                                                                                                    0x7ff6b0aa7af8
                                                                                                                                                                                                    0x7ff6b0aa7aff
                                                                                                                                                                                                    0x7ff6b0aa7b03
                                                                                                                                                                                                    0x7ff6b0aa7b08
                                                                                                                                                                                                    0x7ff6b0aa7b08
                                                                                                                                                                                                    0x7ff6b0aa7b0c
                                                                                                                                                                                                    0x7ff6b0aa7b13
                                                                                                                                                                                                    0x7ff6b0aa7b1e
                                                                                                                                                                                                    0x7ff6b0aa7b2a
                                                                                                                                                                                                    0x7ff6b0aa7b2e
                                                                                                                                                                                                    0x7ff6b0aa7b37
                                                                                                                                                                                                    0x7ff6b0aa7b3e
                                                                                                                                                                                                    0x7ff6b0aa7b42
                                                                                                                                                                                                    0x7ff6b0aa7b47
                                                                                                                                                                                                    0x7ff6b0aa7b4e
                                                                                                                                                                                                    0x7ff6b0aa7b54
                                                                                                                                                                                                    0x7ff6b0aa7b5f
                                                                                                                                                                                                    0x7ff6b0aa7b69
                                                                                                                                                                                                    0x7ff6b0aa7b69
                                                                                                                                                                                                    0x7ff6b0aa7b70
                                                                                                                                                                                                    0x7ff6b0aa7b74
                                                                                                                                                                                                    0x7ff6b0aa7b78
                                                                                                                                                                                                    0x7ff6b0aa7b7c
                                                                                                                                                                                                    0x7ff6b0aa7b83
                                                                                                                                                                                                    0x7ff6b0aa7b8a
                                                                                                                                                                                                    0x7ff6b0aa7b90
                                                                                                                                                                                                    0x7ff6b0aa7b92
                                                                                                                                                                                                    0x7ff6b0aa7b92
                                                                                                                                                                                                    0x7ff6b0aa7b99
                                                                                                                                                                                                    0x7ff6b0aa7b9b
                                                                                                                                                                                                    0x7ff6b0aa7b9f
                                                                                                                                                                                                    0x7ff6b0aa7ba4
                                                                                                                                                                                                    0x7ff6b0aa7bac
                                                                                                                                                                                                    0x7ff6b0aa7bba
                                                                                                                                                                                                    0x7ff6b0aa7bc3
                                                                                                                                                                                                    0x7ff6b0aa7bc5
                                                                                                                                                                                                    0x7ff6b0aa7bcc
                                                                                                                                                                                                    0x7ff6b0aa7bd5
                                                                                                                                                                                                    0x7ff6b0aa7bda
                                                                                                                                                                                                    0x7ff6b0aa7be1
                                                                                                                                                                                                    0x7ff6b0aa7bea
                                                                                                                                                                                                    0x7ff6b0aa7bef
                                                                                                                                                                                                    0x7ff6b0aa7bf6
                                                                                                                                                                                                    0x7ff6b0aa7bff
                                                                                                                                                                                                    0x7ff6b0aa7c0b
                                                                                                                                                                                                    0x7ff6b0aa7c0e
                                                                                                                                                                                                    0x7ff6b0aa7c10
                                                                                                                                                                                                    0x7ff6b0aa7c14
                                                                                                                                                                                                    0x7ff6b0aa7c24
                                                                                                                                                                                                    0x7ff6b0aa7c34
                                                                                                                                                                                                    0x7ff6b0aa7c44
                                                                                                                                                                                                    0x7ff6b0aa7c50
                                                                                                                                                                                                    0x7ff6b0aa7c55
                                                                                                                                                                                                    0x7ff6b0aa7c5a
                                                                                                                                                                                                    0x7ff6b0aa7c5c
                                                                                                                                                                                                    0x7ff6b0aa7c63
                                                                                                                                                                                                    0x7ff6b0aa7c6a
                                                                                                                                                                                                    0x7ff6b0aa7c71
                                                                                                                                                                                                    0x7ff6b0aa7c78
                                                                                                                                                                                                    0x7ff6b0aa7c7f
                                                                                                                                                                                                    0x7ff6b0aa7c86
                                                                                                                                                                                                    0x7ff6b0aa7c8d
                                                                                                                                                                                                    0x7ff6b0aa7c98
                                                                                                                                                                                                    0x7ff6b0aa7c9e
                                                                                                                                                                                                    0x7ff6b0aa7ca5
                                                                                                                                                                                                    0x7ff6b0aa7cad
                                                                                                                                                                                                    0x7ff6b0aa7cb5
                                                                                                                                                                                                    0x7ff6b0aa7cbd
                                                                                                                                                                                                    0x7ff6b0aa7cc4
                                                                                                                                                                                                    0x7ff6b0aa7cc7
                                                                                                                                                                                                    0x7ff6b0aa7cce
                                                                                                                                                                                                    0x7ff6b0aa7cda
                                                                                                                                                                                                    0x7ff6b0aa7cdc
                                                                                                                                                                                                    0x7ff6b0aa7cec
                                                                                                                                                                                                    0x7ff6b0aa7cf3
                                                                                                                                                                                                    0x7ff6b0aa7d01
                                                                                                                                                                                                    0x7ff6b0aa7d08
                                                                                                                                                                                                    0x7ff6b0aa7d16
                                                                                                                                                                                                    0x7ff6b0aa7d1c
                                                                                                                                                                                                    0x7ff6b0aa7d55

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorInfoLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 189849726-0
                                                                                                                                                                                                    • Opcode ID: 56237f1013cf1dc1397bfeea8cdaa334b227246309f0e1c3ee9da10f49af2e64
                                                                                                                                                                                                    • Instruction ID: f0c90d5d5fc2c0c78c91536d9fac9842646cab35fc0ea3d9f3db52f8b9f1ee05
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56237f1013cf1dc1397bfeea8cdaa334b227246309f0e1c3ee9da10f49af2e64
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BB19D33A08692A6D750CF29E4402AE7BA4FB48794FA48535EB5DC77D2DF39E541C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

C-Code - Quality: 15%
E00007FF67FF6B0AB483C(int __ecx, void* __edx, long long __r8, int* __r9) {
    void* __rbx;
    void* __rdi;
    void* __rsi;
    void* __rbp;
    void* _t39;
    int _t41;
    void* _t43;
    int _t45;
    int _t48;
    int _t50;
    int _t69;
    int _t71;
    int _t72;
    signed long long _t97;
    intOrPtr* _t105;
    int _t108;
    void* _t109;
    long long _t120;
    signed long long _t125;
    void* _t126;
    void* _t127;
    void* _t128;
    void* _t139;
    void* _t140;
    long long _t141;
    long long _t142;

    _t138 = __r9;
    _t127 = _t126 - 0x88;
    _t125 = _t127 + 0x40;
    _t97 =  *0xb0ae0430; // 0x449f37dbf1f
     *(_t125 + 0x30) = _t97 ^ _t125;
    _t141 =  *((intOrPtr*)(_t125 + 0xb0));
    r12d =  *__r9;
     *_t125 = 0;
     *(_t125 + 0x10) = __r9;
    r13d = __edx;
    r15d = __ecx;
     *((long long*)(_t125 + 8)) = __r8;
    if (__ecx == __edx) goto 0xb0ab4aa1;
    if (GetCPInfo(??, ??) == 0) goto 0xb0ab493f;
    if ( *((intOrPtr*)(_t125 + 0x18)) != 1) goto 0xb0ab493f;
    if (GetCPInfo(??, ??) == 0) goto 0xb0ab493f;
    if ( *((intOrPtr*)(_t125 + 0x18)) != 1) goto 0xb0ab493f;
     *_t125 = 1;
    if (r12d == 0xffffffff) goto 0xb0ab4932;
    _t69 = r12d;
    if (_t69 <= 0) goto 0xb0ab4986;
    _t108 = _t69;
    if (_t108 - 0xfffffff0 > 0) goto 0xb0ab4986;
    _t109 = _t108 + _t108 + 0x10;
    if (_t109 - 0x400 > 0) goto 0xb0ab496d;
    if (_t109 + 0xf - _t109 > 0) goto 0xb0ab4914;
    _t39 = E00007FF67FF6B0ACC0A0(_t38, 0xffffffffffffff0, _t139, _t140);
    _t128 = _t127 - 0xffffffffffffff0;
    _t105 = _t128 + 0x40;
    if (_t105 == 0) goto 0xb0ab4966;
     *_t105 = 0xcccc;
    goto 0xb0ab4980;
    E00007FF67FF6B0AA70C0(_t39, _t105);
    goto 0xb0ab48d5;
    r9d = r12d;
     *(_t128 + 0x28) = 0xffffffffffffff1;
     *((long long*)(_t128 + 0x20)) = _t120;
    _t41 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
    _t71 = _t41;
    if (_t41 != 0) goto 0xb0ab48d5;
    goto 0xb0ab4aa4;
    _t43 = malloc(??);
    if (0xffffffffffffff0 == 0) goto 0xb0ab4988;
     *((intOrPtr*)(0xffffffffffffff0)) = 0xdddd;
    goto 0xb0ab4988;
    if (0x1000000000000000 == 0) goto 0xb0ab4966;
    E00007FF67FF6B0AAB240(_t43, r15d, 0, 0x1000000000000000, _t125 + 0x18, _t71 + _t71);
    r9d = r12d;
     *(_t128 + 0x28) = _t71;
     *((long long*)(_t128 + 0x20)) = 0x1000000000000000;
    _t45 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
    r15d = 0;
    if (_t45 == r15d) goto 0xb0ab4a90;
    if (_t141 == _t142) goto 0xb0ab4a07;
     *((long long*)(_t128 + 0x38)) = _t142;
     *((long long*)(_t128 + 0x30)) = _t142;
     *(_t128 + 0x28) =  *(_t125 + 0xb8);
    r9d = _t71;
     *((long long*)(_t128 + 0x20)) = _t141;
    if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) == r15d) goto 0xb0ab4a90;
    goto 0xb0ab4a90;
    if ( *_t125 != r15d) goto 0xb0ab4a39;
     *((long long*)(_t128 + 0x38)) = _t142;
     *((long long*)(_t128 + 0x30)) = _t142;
    r9d = _t71;
     *(_t128 + 0x28) = r15d;
     *((long long*)(_t128 + 0x20)) = _t142;
    _t48 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
    _t72 = _t48;
    if (_t48 == r15d) goto 0xb0ab4a90;
    E00007FF67FF6B0AAA5E0(0x1000000000000000, 0x1000000000000000, _t72, _t120, _t141, _t125);
    if (0xffffffffffffff0 == _t142) goto 0xb0ab4a90;
     *((long long*)(_t128 + 0x38)) = _t142;
     *((long long*)(_t128 + 0x30)) = _t142;
    r9d = _t72;
     *(_t128 + 0x28) = _t72;
     *((long long*)(_t128 + 0x20)) = 0xffffffffffffff0;
    _t50 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
    if (_t50 != r15d) goto 0xb0ab4a84;
    free(??);
    goto 0xb0ab4a90;
    if (r12d == 0xffffffff) goto 0xb0ab4a90;
     *( *(_t125 + 0x10)) = _t50;
    if ( *((intOrPtr*)(0xffffffffffffff0)) != 0xdddd) goto 0xb0ab4aa1;
    free(??);
    return E00007FF67FF6B0AA4050(r13d,  *(_t125 + 0x30) ^ _t125, _t72, 0x1000000000000000, _t138);
}
                                                                                                                                                                                                    0x7ff6b0ab4998
                                                                                                                                                                                                    0x7ff6b0ab49a1
                                                                                                                                                                                                    0x7ff6b0ab49ac
                                                                                                                                                                                                    0x7ff6b0ab49b0
                                                                                                                                                                                                    0x7ff6b0ab49b5
                                                                                                                                                                                                    0x7ff6b0ab49bb
                                                                                                                                                                                                    0x7ff6b0ab49c1
                                                                                                                                                                                                    0x7ff6b0ab49ca
                                                                                                                                                                                                    0x7ff6b0ab49d2
                                                                                                                                                                                                    0x7ff6b0ab49d7
                                                                                                                                                                                                    0x7ff6b0ab49dc
                                                                                                                                                                                                    0x7ff6b0ab49e0
                                                                                                                                                                                                    0x7ff6b0ab49eb
                                                                                                                                                                                                    0x7ff6b0ab49f9
                                                                                                                                                                                                    0x7ff6b0ab4a02
                                                                                                                                                                                                    0x7ff6b0ab4a0b
                                                                                                                                                                                                    0x7ff6b0ab4a0d
                                                                                                                                                                                                    0x7ff6b0ab4a12
                                                                                                                                                                                                    0x7ff6b0ab4a17
                                                                                                                                                                                                    0x7ff6b0ab4a22
                                                                                                                                                                                                    0x7ff6b0ab4a27
                                                                                                                                                                                                    0x7ff6b0ab4a2c
                                                                                                                                                                                                    0x7ff6b0ab4a32
                                                                                                                                                                                                    0x7ff6b0ab4a37
                                                                                                                                                                                                    0x7ff6b0ab4a41
                                                                                                                                                                                                    0x7ff6b0ab4a4c
                                                                                                                                                                                                    0x7ff6b0ab4a4e
                                                                                                                                                                                                    0x7ff6b0ab4a53
                                                                                                                                                                                                    0x7ff6b0ab4a58
                                                                                                                                                                                                    0x7ff6b0ab4a63
                                                                                                                                                                                                    0x7ff6b0ab4a67
                                                                                                                                                                                                    0x7ff6b0ab4a6c
                                                                                                                                                                                                    0x7ff6b0ab4a75
                                                                                                                                                                                                    0x7ff6b0ab4a7a
                                                                                                                                                                                                    0x7ff6b0ab4a82
                                                                                                                                                                                                    0x7ff6b0ab4a88
                                                                                                                                                                                                    0x7ff6b0ab4a8e
                                                                                                                                                                                                    0x7ff6b0ab4a9a
                                                                                                                                                                                                    0x7ff6b0ab4a9c
                                                                                                                                                                                                    0x7ff6b0ab4ac0

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB4892
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB48B1
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB4956
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF6B0AB496D
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB49B5
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB49F0
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB4A2C
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB4A6C
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AB4A7A
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AB4A9C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$Infofree$malloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1309074677-0
                                                                                                                                                                                                    • Opcode ID: ddcdf63aba2af7ccbb4f9ff1091687fe12846f0595223e00f381b2a32135b9a6
                                                                                                                                                                                                    • Instruction ID: 54474e74f7edd47038e6f1d9af539e50d47cc09980c0cbf61be3cd3b41766751
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddcdf63aba2af7ccbb4f9ff1091687fe12846f0595223e00f381b2a32135b9a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C61A833A08686A6E7248B2DA84067A7BD9FF847E4F144E35DB5E87BD6DF3CD5418200
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$CloseHandle$Create$ObjectOpenResetSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3951656645-0
                                                                                                                                                                                                    • Opcode ID: 71be907ffdb5954fb9f19019735728fde777d6d86074cdaac84bb97474247b25
                                                                                                                                                                                                    • Instruction ID: 575abf8edfe7eb06317b5f24c3edef231c9da503d9d15cbf76326f1215cf61af
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71be907ffdb5954fb9f19019735728fde777d6d86074cdaac84bb97474247b25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A61DB3360CA859AE761CB58E104339BBA0EB84BB4F144734DBAD87BC9CF6DD4448B00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: b084e4c1cfd9c5e526710a43c79106415be09ec5de4f2ef4ea707cbabc5b9e00
                                                                                                                                                                                                    • Instruction ID: 2f2bbffe6e4bbef20e81476a41b91727f2012921d781fa6faa27e4f73678d975
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b084e4c1cfd9c5e526710a43c79106415be09ec5de4f2ef4ea707cbabc5b9e00
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4741E133A09581A8EE559A69D8503BD2BA4EF84B54F644831EB0D877D7CF2CA591C310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                                                                    			E00007FF67FF6B0A9C050(void* __esi, intOrPtr* __rcx, long long __rdx, void* __r8, long long __r12, long long __r13, long long __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				intOrPtr* _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				void* _v88;
                                                                                                                                                                                                    				signed int _t64;
                                                                                                                                                                                                    				long long _t117;
                                                                                                                                                                                                    				intOrPtr* _t118;
                                                                                                                                                                                                    				intOrPtr* _t119;
                                                                                                                                                                                                    				signed short* _t124;
                                                                                                                                                                                                    				unsigned long long _t127;
                                                                                                                                                                                                    				unsigned long long _t130;
                                                                                                                                                                                                    				long long _t136;
                                                                                                                                                                                                    				intOrPtr* _t137;
                                                                                                                                                                                                    				signed short* _t148;
                                                                                                                                                                                                    				signed long long _t152;
                                                                                                                                                                                                    				signed long long _t155;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a16 = __rdx;
                                                                                                                                                                                                    				_t117 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				if (_t117 - _t117 +  *((intOrPtr*)(__rcx + 0x38)) <= 0) goto 0xb0a9c07e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t137 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				_v80 = _t117;
                                                                                                                                                                                                    				_v88 = _t137;
                                                                                                                                                                                                    				if (__rdx == __r8) goto 0xb0a9c290;
                                                                                                                                                                                                    				_a24 = __r13;
                                                                                                                                                                                                    				_a32 = __r14;
                                                                                                                                                                                                    				asm("movaps [esp+0x40], xmm6");
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x20]");
                                                                                                                                                                                                    				_a8 = __r12;
                                                                                                                                                                                                    				_t155 = _t117 + __rdx;
                                                                                                                                                                                                    				_t159 = __r8 - 1;
                                                                                                                                                                                                    				_t152 = _t117 + __r8 - 1;
                                                                                                                                                                                                    				if (__rdx == _t159) goto 0xb0a9c273;
                                                                                                                                                                                                    				asm("movdqa [esp+0x20], xmm6");
                                                                                                                                                                                                    				if (_t137 != 0) goto 0xb0a9c0e6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9c0ed;
                                                                                                                                                                                                    				if (_t152 -  *((intOrPtr*)( *_t137 + 0x38)) +  *((intOrPtr*)( *_t137 + 0x30)) > 0) goto 0xb0a9c10d;
                                                                                                                                                                                                    				if (_t137 == 0) goto 0xb0a9c105;
                                                                                                                                                                                                    				goto 0xb0a9c107;
                                                                                                                                                                                                    				if (_t152 -  *((intOrPtr*)( *_t137 + 0x30)) >= 0) goto 0xb0a9c112;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t118 = _v88;
                                                                                                                                                                                                    				_t127 = _t152 >> 3;
                                                                                                                                                                                                    				if (_t118 != 0) goto 0xb0a9c135;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9c13b;
                                                                                                                                                                                                    				if (_t152 -  *((intOrPtr*)( *_t118 + 0x38)) +  *((intOrPtr*)( *_t118 + 0x30)) < 0) goto 0xb0a9c14d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t118 == 0) goto 0xb0a9c157;
                                                                                                                                                                                                    				goto 0xb0a9c159;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *_t118 + 0x28)) - _t127 > 0) goto 0xb0a9c16f;
                                                                                                                                                                                                    				if (_t118 == 0) goto 0xb0a9c169;
                                                                                                                                                                                                    				goto 0xb0a9c16b;
                                                                                                                                                                                                    				if (_t118 == 0) goto 0xb0a9c179;
                                                                                                                                                                                                    				goto 0xb0a9c17b;
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm6");
                                                                                                                                                                                                    				_t148 =  *((intOrPtr*)( *((intOrPtr*)( *_t118 + 0x20)) + (_t127 -  *((intOrPtr*)( *_t118 + 0x28))) * 8)) + _t152 * 2;
                                                                                                                                                                                                    				if (_t137 != 0) goto 0xb0a9c19e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9c1a5;
                                                                                                                                                                                                    				if (_t155 -  *((intOrPtr*)( *_t137 + 0x38)) +  *((intOrPtr*)( *_t137 + 0x30)) > 0) goto 0xb0a9c1c5;
                                                                                                                                                                                                    				if (_t137 == 0) goto 0xb0a9c1bd;
                                                                                                                                                                                                    				goto 0xb0a9c1bf;
                                                                                                                                                                                                    				if (_t155 -  *((intOrPtr*)( *_t137 + 0x30)) >= 0) goto 0xb0a9c1ca;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t119 = _v72;
                                                                                                                                                                                                    				_t130 = _t155 >> 3;
                                                                                                                                                                                                    				if (_t119 != 0) goto 0xb0a9c1ed;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				goto 0xb0a9c1f3;
                                                                                                                                                                                                    				if (_t155 -  *((intOrPtr*)( *_t119 + 0x38)) +  *((intOrPtr*)( *_t119 + 0x30)) < 0) goto 0xb0a9c205;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t119 == 0) goto 0xb0a9c20f;
                                                                                                                                                                                                    				goto 0xb0a9c211;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *_t119 + 0x28)) - _t130 > 0) goto 0xb0a9c227;
                                                                                                                                                                                                    				if (_t119 == 0) goto 0xb0a9c221;
                                                                                                                                                                                                    				goto 0xb0a9c223;
                                                                                                                                                                                                    				if (_t119 == 0) goto 0xb0a9c231;
                                                                                                                                                                                                    				goto 0xb0a9c233;
                                                                                                                                                                                                    				_t124 =  *((intOrPtr*)( *((intOrPtr*)( *_t119 + 0x20)) + (_t130 -  *((intOrPtr*)( *_t119 + 0x28))) * 8)) + _t155 * 2;
                                                                                                                                                                                                    				if (_t124 == _t148) goto 0xb0a9c254;
                                                                                                                                                                                                    				_t64 =  *_t148 & 0x0000ffff;
                                                                                                                                                                                                    				 *_t124 = _t64;
                                                                                                                                                                                                    				 *_t148 =  *_t124 & 0x0000ffff;
                                                                                                                                                                                                    				_t136 = _a16 + 1;
                                                                                                                                                                                                    				_a16 = _t136;
                                                                                                                                                                                                    				if (_t136 != _t159) goto 0xb0a9c0c0;
                                                                                                                                                                                                    				asm("movaps xmm6, [esp+0x40]");
                                                                                                                                                                                                    				return _t64;
                                                                                                                                                                                                    			}



















                                                                                                                                                                                                    0x7ff6b0a9c242
                                                                                                                                                                                                    0x7ff6b0a9c244
                                                                                                                                                                                                    0x7ff6b0a9c24c
                                                                                                                                                                                                    0x7ff6b0a9c24f
                                                                                                                                                                                                    0x7ff6b0a9c25f
                                                                                                                                                                                                    0x7ff6b0a9c262
                                                                                                                                                                                                    0x7ff6b0a9c26d
                                                                                                                                                                                                    0x7ff6b0a9c28b
                                                                                                                                                                                                    0x7ff6b0a9c29a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 4030c83a59812f64d6c05d60debb6fb5f98c41b8662f9c9e344c53440360d978
                                                                                                                                                                                                    • Instruction ID: e766b2c94b05be648957635420d3b7f38bff7ffc7a8620b5e143d267c4b5b3a5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4030c83a59812f64d6c05d60debb6fb5f98c41b8662f9c9e344c53440360d978
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80618E23B18E91A1EA609F29D4402B96BA4FB48BC4F694931EF4D93397DF3DD8429304
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                                                                                    			E00007FF67FF6B0AB25EC(void* __edx, long long __rbx, intOrPtr* __rcx, long long __rdi, long long __rsi, void* __r8) {
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				int _t45;
                                                                                                                                                                                                    				int _t55;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                                                                    				signed long long _t100;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				void* _t113;
                                                                                                                                                                                                    				long long _t121;
                                                                                                                                                                                                    				intOrPtr* _t122;
                                                                                                                                                                                                    				long long _t125;
                                                                                                                                                                                                    				char* _t131;
                                                                                                                                                                                                    				signed long long _t132;
                                                                                                                                                                                                    				void* _t134;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				void* _t136;
                                                                                                                                                                                                    				void* _t148;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				int _t150;
                                                                                                                                                                                                    				int _t151;
                                                                                                                                                                                                    				int _t153;
                                                                                                                                                                                                    				short* _t156;
                                                                                                                                                                                                    				void* _t157;
                                                                                                                                                                                                    				int _t160;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t121 = __rdi;
                                                                                                                                                                                                    				 *(_t134 + 0x20) = r9d;
                                                                                                                                                                                                    				_t135 = _t134 - 0x40;
                                                                                                                                                                                                    				_t132 = _t135 + 0x30;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x40)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x48)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t132 + 0x50)) = __rdi;
                                                                                                                                                                                                    				_t100 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				 *(_t132 + 8) = _t100 ^ _t132;
                                                                                                                                                                                                    				r9d =  *0xb0ae3f5c; // 0x1
                                                                                                                                                                                                    				_t157 = __r8;
                                                                                                                                                                                                    				r15d = __edx;
                                                                                                                                                                                                    				_t7 = _t121 + 1; // 0x2
                                                                                                                                                                                                    				_t71 = _t7;
                                                                                                                                                                                                    				if (r9d != 0) goto 0xb0ab2679;
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				if (GetStringTypeW(_t160, _t156) == 0) goto 0xb0ab265e;
                                                                                                                                                                                                    				 *0xb0ae3f5c = 1;
                                                                                                                                                                                                    				goto 0xb0ab2694;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				r9d =  *0xb0ae3f5c; // 0x1
                                                                                                                                                                                                    				r9d =  ==  ? _t71 : r9d;
                                                                                                                                                                                                    				 *0xb0ae3f5c = r9d;
                                                                                                                                                                                                    				if (r9d == _t71) goto 0xb0ab27a8;
                                                                                                                                                                                                    				if (r9d == 0) goto 0xb0ab27a8;
                                                                                                                                                                                                    				if (r9d != 1) goto 0xb0ab27d7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t132 + 0x68)) != 0) goto 0xb0ab26a2;
                                                                                                                                                                                                    				 *(_t132 + 0x78) =  ~( *(_t132 + 0x78));
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				asm("sbb edx, edx");
                                                                                                                                                                                                    				 *((intOrPtr*)(_t135 + 0x28)) = 0;
                                                                                                                                                                                                    				 *((long long*)(_t135 + 0x20)) = __rbx;
                                                                                                                                                                                                    				_t151 = MultiByteToWideChar(_t153, _t150, _t131);
                                                                                                                                                                                                    				_t84 = r12d;
                                                                                                                                                                                                    				if (_t84 == 0) goto 0xb0ab27d7;
                                                                                                                                                                                                    				r13d = 0xdddd;
                                                                                                                                                                                                    				if (_t84 <= 0) goto 0xb0ab2740;
                                                                                                                                                                                                    				if (_t151 - 0xfffffff0 > 0) goto 0xb0ab2740;
                                                                                                                                                                                                    				_t16 = _t151 + 0x10; // 0x1a
                                                                                                                                                                                                    				_t113 = _t151 + _t16;
                                                                                                                                                                                                    				if (_t113 - 0x400 > 0) goto 0xb0ab272a;
                                                                                                                                                                                                    				_t17 = _t113 + 0xf; // 0x29
                                                                                                                                                                                                    				if (_t17 - _t113 > 0) goto 0xb0ab2708;
                                                                                                                                                                                                    				E00007FF67FF6B0ACC0A0(_t41, 0xffffffffffffff0, _t148, _t149);
                                                                                                                                                                                                    				_t136 = _t135 - 0xfffffff0;
                                                                                                                                                                                                    				_t122 = _t136 + 0x30;
                                                                                                                                                                                                    				if (_t122 == __rbx) goto 0xb0ab27d7;
                                                                                                                                                                                                    				 *_t122 = 0xcccc;
                                                                                                                                                                                                    				goto 0xb0ab273a;
                                                                                                                                                                                                    				_t43 = malloc(??);
                                                                                                                                                                                                    				if (0xfffffff0 == __rbx) goto 0xb0ab2743;
                                                                                                                                                                                                    				 *((intOrPtr*)(0xffffffffffffff0)) = r13d;
                                                                                                                                                                                                    				goto 0xb0ab2743;
                                                                                                                                                                                                    				_t125 = __rbx;
                                                                                                                                                                                                    				if (__rbx == __rbx) goto 0xb0ab27d7;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB240(_t43,  *((intOrPtr*)( *__rcx + 4)), 0, __rbx, 0xb0ad15e0, _t151 + _t151);
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t136 + 0x28)) = r12d;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) = __rbx;
                                                                                                                                                                                                    				_t45 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t45 == 0) goto 0xb0ab2793;
                                                                                                                                                                                                    				r8d = _t45;
                                                                                                                                                                                                    				_t55 = GetStringTypeW(??, ??, ??, ??);
                                                                                                                                                                                                    				_t23 = _t125 - 0x10; // -16
                                                                                                                                                                                                    				if ( *_t23 != r13d) goto 0xb0ab27a1;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0xb0ab2830;
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)(_t132 + 0x70));
                                                                                                                                                                                                    				if (r12d != _t55) goto 0xb0ab27bc;
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)( *__rcx + 0x14));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t132 + 0x68)) != _t55) goto 0xb0ab27ca;
                                                                                                                                                                                                    				_t108 =  *__rcx;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB47E8(_t55, r12d,  *((intOrPtr*)(_t132 + 0x60))) != 0xffffffff) goto 0xb0ab27db;
                                                                                                                                                                                                    				goto 0xb0ab2830;
                                                                                                                                                                                                    				if (0 ==  *((intOrPtr*)(_t108 + 4))) goto 0xb0ab2803;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t136 + 0x28)) = _t55;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) = __rbx;
                                                                                                                                                                                                    				E00007FF67FF6B0AB483C( *((intOrPtr*)(_t108 + 4)), 0, _t157, _t132 + 0x58);
                                                                                                                                                                                                    				if (_t108 == __rbx) goto 0xb0ab27d7;
                                                                                                                                                                                                    				r9d =  *(_t132 + 0x58);
                                                                                                                                                                                                    				 *((long long*)(_t136 + 0x20)) =  *((intOrPtr*)(_t132 + 0x60));
                                                                                                                                                                                                    				GetStringTypeA(??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t108 == __rbx) goto 0xb0ab282e;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(r12d,  *(_t132 + 8) ^ _t132, __rbx, _t108, _t132 + 0x58);
                                                                                                                                                                                                    			}




























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB264C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB265E
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB26BE
                                                                                                                                                                                                    • malloc.LIBCMT ref: 00007FF6B0AB272A
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB2774
                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB278B
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AB279C
                                                                                                                                                                                                    • GetStringTypeA.KERNEL32(?,?,00000000,?,00000000,0000000A,00000008,00007FF6B0AB28BE), ref: 00007FF6B0AB2819
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AB2829
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AB483C: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB4892
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AB483C: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB48B1
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AB483C: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB49B5
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AB483C: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6B0AB49F0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$StringType$Infofree$ErrorLastmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3804003340-0
                                                                                                                                                                                                    • Opcode ID: 115f6eea8dedc5ed251d069930978551ce189c9ac9d53966058a53c2e0c20737
                                                                                                                                                                                                    • Instruction ID: d70dea6a1edd0a624239bacf32f4ee447ff2c93643319ec39f50f61f24e3311e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 115f6eea8dedc5ed251d069930978551ce189c9ac9d53966058a53c2e0c20737
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D61B633A0468AA6D7209F69D4505693F95FB44BE8F144A36EF1D97BD6CF3CE8828340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointer$_initterm$ExitProcess_lock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2551688548-0
                                                                                                                                                                                                    • Opcode ID: e5378ab1e68341b08446536e14f55dd7bb624f0fc9be673db24ed96fa75622f8
                                                                                                                                                                                                    • Instruction ID: 81f3156836371fa4a6f53f04ac996e37a5da1f756bd52eb2907497af4999bdcb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5378ab1e68341b08446536e14f55dd7bb624f0fc9be673db24ed96fa75622f8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12418E23A1E642A4E650AB29E8401797A95FF88784F344C39EB4EC77E7DF7CE4458B04
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AB181C(void* __ebx, signed int __ecx, void* __edx, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				signed int* _t59;
                                                                                                                                                                                                    				signed int* _t60;
                                                                                                                                                                                                    				long long _t66;
                                                                                                                                                                                                    				signed long long _t69;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				signed long long _t78;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __r8;
                                                                                                                                                                                                    				_t71 = __rbp;
                                                                                                                                                                                                    				_t65 = __rdx;
                                                                                                                                                                                                    				_t64 = __rcx;
                                                                                                                                                                                                    				_t34 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				r13d = __edx;
                                                                                                                                                                                                    				_t62 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0xb0ab1861;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab1935;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0xb0ab190c;
                                                                                                                                                                                                    				_t55 = _t34 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t55 >= 0) goto 0xb0ab190c;
                                                                                                                                                                                                    				_t78 = __ecx >> 5;
                                                                                                                                                                                                    				_t69 = __ecx * 0x58;
                                                                                                                                                                                                    				_t59 =  *((intOrPtr*)(0xb0ae89e0 + _t78 * 8));
                                                                                                                                                                                                    				if (_t55 != 0) goto 0xb0ab18c8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t59);
                                                                                                                                                                                                    				 *_t59 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t59);
                                                                                                                                                                                                    				 *_t59 = 9;
                                                                                                                                                                                                    				_v56 = _t66;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t59, __ecx, __rcx, __rdx, _t69, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab1935;
                                                                                                                                                                                                    				E00007FF67FF6B0AB593C(_t34, _t34, _t62, _t66, _t69, _t76);
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)(0xb0ae89e0 + _t78 * 8));
                                                                                                                                                                                                    				if (( *(_t60 + _t69 + 8) & 0x00000001) == 0) goto 0xb0ab18ec;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t49 = E00007FF67FF6B0AB1784(_t34, _t34, r13d, _t60, _t62, _t69);
                                                                                                                                                                                                    				goto 0xb0ab1901;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t60);
                                                                                                                                                                                                    				 *_t60 = _t49;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				goto 0xb0ab1935;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t60);
                                                                                                                                                                                                    				 *_t60 = _t49 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 9;
                                                                                                                                                                                                    				_v56 = _t66;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t60, _t62, _t64, _t65, _t69, _t71, _t75) | 0xffffffff;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: f10987436b34bd0968861f3bbb4ff45c1ba2012104b75b240ae358803b696601
                                                                                                                                                                                                    • Instruction ID: 1c372c14cb035a97c75282a3d32d4a01be3848e78eae9724482eb6ff7624fa54
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f10987436b34bd0968861f3bbb4ff45c1ba2012104b75b240ae358803b696601
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E631E333E18646A2E3116F69AC4563E3E50BBC4760FA58A31EB29877E3CE3CE4418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                                                                    			E00007FF67FF6B0AB9F60(void* __ebx, long long __rbx, long long __rdx, void* __r8, void* __r9, void* _a8) {
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				char _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				long long _v120;
                                                                                                                                                                                                    				long long _v128;
                                                                                                                                                                                                    				intOrPtr _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				intOrPtr _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				long _t70;
                                                                                                                                                                                                    				signed long long _t109;
                                                                                                                                                                                                    				char _t117;
                                                                                                                                                                                                    				long long _t143;
                                                                                                                                                                                                    				long long _t144;
                                                                                                                                                                                                    				long long _t145;
                                                                                                                                                                                                    				long long _t149;
                                                                                                                                                                                                    				long long _t150;
                                                                                                                                                                                                    				void* _t154;
                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				void* _t165;
                                                                                                                                                                                                    				void* _t166;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				void* _t169;
                                                                                                                                                                                                    				void* _t170;
                                                                                                                                                                                                    				void* _t182;
                                                                                                                                                                                                    				void* _t185;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				long long _t187;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t185 = _t170;
                                                                                                                                                                                                    				_v120 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t185 + 8)) = __rbx;
                                                                                                                                                                                                    				_t109 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v56 = _t109 ^ _t170 - 0x000000a0;
                                                                                                                                                                                                    				_t186 = __rdx;
                                                                                                                                                                                                    				 *((long long*)(_t185 - 0x68)) = __rdx;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_v136 = r13d;
                                                                                                                                                                                                    				 *((long long*)(_t185 - 0x80)) = _t187;
                                                                                                                                                                                                    				_v152 = _t187;
                                                                                                                                                                                                    				_v160 = r13d;
                                                                                                                                                                                                    				_v168 = _t185 - 0x80;
                                                                                                                                                                                                    				r9d = 0x400;
                                                                                                                                                                                                    				_t70 = FormatMessageA(??, ??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				_t124 = _v128;
                                                                                                                                                                                                    				_v112 = _v128;
                                                                                                                                                                                                    				if (_t70 != 0) goto 0xb0aba016;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x20)) = 0xf;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x18)) = _t187;
                                                                                                                                                                                                    				 *(__rdx + 8) = _t70;
                                                                                                                                                                                                    				_t16 = _t187 + 0xd; // 0xd
                                                                                                                                                                                                    				r8d = _t16;
                                                                                                                                                                                                    				E00007FF67FF6B0A91DC0(_v128, __rdx, "Unknown error", _t154, _t167, __r8);
                                                                                                                                                                                                    				_v136 = 1;
                                                                                                                                                                                                    				LocalFree(??);
                                                                                                                                                                                                    				goto 0xb0aba23e;
                                                                                                                                                                                                    				_v64 = 0xf;
                                                                                                                                                                                                    				_v72 = _t187;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				asm("repne scasb");
                                                                                                                                                                                                    				E00007FF67FF6B0A91DC0(_v128,  &_v96, _v128, _v128, _t167,  !(_t124 | 0xffffffff) - 1);
                                                                                                                                                                                                    				_t143 = _v72;
                                                                                                                                                                                                    				if (_t143 == 0) goto 0xb0aba1d4;
                                                                                                                                                                                                    				_t163 = _t143 - 1;
                                                                                                                                                                                                    				if (_t163 - _t143 <= 0) goto 0xb0aba08e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t144 = _v72;
                                                                                                                                                                                                    				_t114 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t163)) == 0xa) goto 0xb0aba0da;
                                                                                                                                                                                                    				_t164 = _t144 - 1;
                                                                                                                                                                                                    				if (_t164 - _t144 <= 0) goto 0xb0aba0c1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t145 = _v72;
                                                                                                                                                                                                    				_t116 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t164)) != 0xd) goto 0xb0aba18b;
                                                                                                                                                                                                    				_t165 = _t145 - 1;
                                                                                                                                                                                                    				if (_t145 - _t165 >= 0) goto 0xb0aba0fc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA3434( >=  ? _v88 :  &_v88, _t124, _v64, _t167 | 0xffffffff);
                                                                                                                                                                                                    				_t182 = _v72 - _t165;
                                                                                                                                                                                                    				if (_t182 - 0xffffffff >= 0) goto 0xb0aba110;
                                                                                                                                                                                                    				_t169 = _t182;
                                                                                                                                                                                                    				if (_t182 == 0) goto 0xb0aba181;
                                                                                                                                                                                                    				_t117 = _v88;
                                                                                                                                                                                                    				_t176 =  >=  ? _t117 :  &_v88;
                                                                                                                                                                                                    				_t132 =  >=  ? _t117 :  &_v88;
                                                                                                                                                                                                    				_t133 = ( >=  ? _t117 :  &_v88) + _t165;
                                                                                                                                                                                                    				_t177 = ( >=  ? _t117 :  &_v88) + _t165;
                                                                                                                                                                                                    				_t178 = ( >=  ? _t117 :  &_v88) + _t165 + _t169;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4070(( >=  ? _t117 :  &_v88) + _t165, _v64 - _t165, ( >=  ? _t117 :  &_v88) + _t165 + _t169, _t182 - _t169);
                                                                                                                                                                                                    				_t149 = _v72 - _t169;
                                                                                                                                                                                                    				_v72 = _t149;
                                                                                                                                                                                                    				_t119 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _v88 :  &_v88) + _t149)) = 0;
                                                                                                                                                                                                    				_t150 = _v72;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0xb0aba1d4;
                                                                                                                                                                                                    				goto 0xb0aba070;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0xb0aba1d4;
                                                                                                                                                                                                    				_t166 = _t150 - 1;
                                                                                                                                                                                                    				if (_t166 - _t150 <= 0) goto 0xb0aba1ae;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t121 =  >=  ? _v88 :  &_v88;
                                                                                                                                                                                                    				if ( *((char*)(( >=  ? _v88 :  &_v88) + _t166)) != 0x2e) goto 0xb0aba1d4;
                                                                                                                                                                                                    				E00007FF67FF6B0A91FC0(_t124,  &_v96, _v72 - 1, _t166, _t169, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff);
                                                                                                                                                                                                    				 *((long long*)(_t186 + 0x20)) = 0xf;
                                                                                                                                                                                                    				 *((long long*)(_t186 + 0x18)) = _t187;
                                                                                                                                                                                                    				 *((char*)(_t186 + 8)) = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A91CA0(_t124, _t186,  &_v96, _v64, _t166, _t169, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    				_v136 = 1;
                                                                                                                                                                                                    				if (_v64 - 0x10 < 0) goto 0xb0aba219;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ? _v88 :  &_v88, _t124, _v88,  &_v96, _t166, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    				_v64 = 0xf;
                                                                                                                                                                                                    				_v72 = _t187;
                                                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                                                    				LocalFree(??);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(0x1300, _v56 ^ _t170 - 0x000000a0,  &_v96, ( >=  ? _t117 :  &_v88) + _t165 + _t169 | 0xffffffff, _t182 - _t169 | 0xffffffff);
                                                                                                                                                                                                    			}







































APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
Similarity
• API ID: _invalid_parameter_noinfo$FormatFreeLocalMessage
• String ID: Unknown error
• API String ID: 3408990668-83687255
• Opcode ID: 7b9eeed1eaa9fbeac6c5963c93b71ae23eb17b54183d238eedd3940b7ac5251d
• Instruction ID: 07dbe5b76bf3bfd9bc286e8ca9af59ff4df00b0d9ef172c1481cf14458f4f55b
• Opcode Fuzzy Hash: 7b9eeed1eaa9fbeac6c5963c93b71ae23eb17b54183d238eedd3940b7ac5251d
• Instruction Fuzzy Hash: 35716262A08AC192E6609B29E44439EBBA1F7947A4F909731DBAC477DADF3CD445CB00
Uniqueness

Uniqueness Score: -1.00%
                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF67FF6B0A9E8C0(void* __edx, void* __ebp, long long __rbx, void* __rcx, long long _a24) {
                                                                                                                                                                                                    				signed int _v64;
                                                                                                                                                                                                    				long long _v72;
                                                                                                                                                                                                    				long long _v80;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				long long _v112;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v128;
                                                                                                                                                                                                    				void* _v135;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				void* _v144;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				void* _t192;
                                                                                                                                                                                                    				signed long long _t222;
                                                                                                                                                                                                    				void* _t263;
                                                                                                                                                                                                    				long long _t275;
                                                                                                                                                                                                    				char* _t277;
                                                                                                                                                                                                    				char* _t279;
                                                                                                                                                                                                    				long long _t280;
                                                                                                                                                                                                    				long long _t285;
                                                                                                                                                                                                    				char _t286;
                                                                                                                                                                                                    				char _t288;
                                                                                                                                                                                                    				char _t291;
                                                                                                                                                                                                    				char _t293;
                                                                                                                                                                                                    				long long _t301;
                                                                                                                                                                                                    				intOrPtr* _t308;
                                                                                                                                                                                                    				long long* _t310;
                                                                                                                                                                                                    				long long _t311;
                                                                                                                                                                                                    				long long _t328;
                                                                                                                                                                                                    				char* _t331;
                                                                                                                                                                                                    				void* _t333;
                                                                                                                                                                                                    				void* _t334;
                                                                                                                                                                                                    				signed long long _t336;
                                                                                                                                                                                                    				intOrPtr* _t340;
                                                                                                                                                                                                    				intOrPtr* _t341;
                                                                                                                                                                                                    				long long _t344;
                                                                                                                                                                                                    				long long _t352;
                                                                                                                                                                                                    				void* _t361;
                                                                                                                                                                                                    				long long _t362;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_v112 = 0xfffffffe;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t222 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v64 = _t222 ^  &_v144;
                                                                                                                                                                                                    				r13d = __edx;
                                                                                                                                                                                                    				_t361 = __rcx;
                                                                                                                                                                                                    				if (__edx != 0xffffffff) goto 0xb0a9e908;
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				_t308 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				if ( *_t308 == 0) goto 0xb0a9e941;
                                                                                                                                                                                                    				_t340 =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                                                                    				if ( *_t308 -  *_t340 +  *_t308 >= 0) goto 0xb0a9e941;
                                                                                                                                                                                                    				 *_t340 =  *_t340 - 1;
                                                                                                                                                                                                    				_t310 =  *((intOrPtr*)(__rcx + 0x48));
                                                                                                                                                                                                    				_t341 =  *_t310;
                                                                                                                                                                                                    				_t285 = _t341 + 1;
                                                                                                                                                                                                    				 *_t310 = _t285;
                                                                                                                                                                                                    				 *_t341 = r13b;
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				_t311 =  *((intOrPtr*)(__rcx + 0x88));
                                                                                                                                                                                                    				if (_t311 != 0) goto 0xb0a9e956;
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) != 0) goto 0xb0a9e978;
                                                                                                                                                                                                    				E00007FF67FF6B0AA68AC(r13b, _t222 ^  &_v144, __rbx, _t285, _t311, _t334, _t341);
                                                                                                                                                                                                    				_t155 =  !=  ? r13d : __ebp;
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				_v136 = r13b;
                                                                                                                                                                                                    				_v72 = _t311;
                                                                                                                                                                                                    				_v96 = 0;
                                                                                                                                                                                                    				_v96 = _t285;
                                                                                                                                                                                                    				_v80 = 8;
                                                                                                                                                                                                    				_t225 =  >=  ? _t285 :  &_v96;
                                                                                                                                                                                                    				 *((char*)(( >=  ? _t285 :  &_v96) + 8)) = 0;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				_t286 = _v96;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9e9d8;
                                                                                                                                                                                                    				if (_t286 == 0) goto 0xb0a9ea04;
                                                                                                                                                                                                    				goto 0xb0a9e9dd;
                                                                                                                                                                                                    				_t331 =  &_v96;
                                                                                                                                                                                                    				_t227 =  >=  ? _t286 :  &_v96;
                                                                                                                                                                                                    				_t167 = ( >=  ? _t286 :  &_v96) - _t331;
                                                                                                                                                                                                    				if (( >=  ? _t286 :  &_v96) - _t331 > 0) goto 0xb0a9ea04;
                                                                                                                                                                                                    				_t229 =  >=  ? _t286 :  &_v96;
                                                                                                                                                                                                    				_t230 = ( >=  ? _t286 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t169 = _t331 - ( >=  ? _t286 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _t286 :  &_v96) + _v80 <= 0) goto 0xb0a9ea1b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0xb0a9ea52;
                                                                                                                                                                                                    				_t233 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t234 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t172 = _t331 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t331 - ( >=  ? _v96 :  &_v96) + _v80 < 0) goto 0xb0a9ea52;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t344 = _v80;
                                                                                                                                                                                                    				_t288 = _v96;
                                                                                                                                                                                                    				_t335 = _t344;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9ea65;
                                                                                                                                                                                                    				if (_t288 == 0) goto 0xb0a9ea91;
                                                                                                                                                                                                    				goto 0xb0a9ea6a;
                                                                                                                                                                                                    				_t275 =  &_v96;
                                                                                                                                                                                                    				_t236 =  >=  ? _t288 :  &_v96;
                                                                                                                                                                                                    				_t176 = ( >=  ? _t288 :  &_v96) - _t275;
                                                                                                                                                                                                    				if (( >=  ? _t288 :  &_v96) - _t275 > 0) goto 0xb0a9ea91;
                                                                                                                                                                                                    				_t238 =  >=  ? _t288 :  &_v96;
                                                                                                                                                                                                    				_t239 = ( >=  ? _t288 :  &_v96) + _t344;
                                                                                                                                                                                                    				_t178 = _t275 - ( >=  ? _t288 :  &_v96) + _t344;
                                                                                                                                                                                                    				if (_t275 - ( >=  ? _t288 :  &_v96) + _t344 <= 0) goto 0xb0a9eaa8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0xb0a9eacd;
                                                                                                                                                                                                    				_t242 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t243 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t181 = _t275 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t275 - ( >=  ? _v96 :  &_v96) + _v80 < 0) goto 0xb0a9eacd;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v144 =  &_v120;
                                                                                                                                                                                                    				_v152 = _t331 + _t344;
                                                                                                                                                                                                    				_v160 = _t275;
                                                                                                                                                                                                    				_v168 =  &_v128;
                                                                                                                                                                                                    				_t126 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t361 + 0x70)))) + 0x28))();
                                                                                                                                                                                                    				if (_t126 < 0) goto 0xb0a9edf2;
                                                                                                                                                                                                    				if (_t126 - 1 > 0) goto 0xb0a9edbb;
                                                                                                                                                                                                    				_t291 = _v96;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9eb38;
                                                                                                                                                                                                    				if (_t291 == 0) goto 0xb0a9eb69;
                                                                                                                                                                                                    				goto 0xb0a9eb3d;
                                                                                                                                                                                                    				_t277 =  &_v96;
                                                                                                                                                                                                    				_t247 =  >=  ? _t291 :  &_v96;
                                                                                                                                                                                                    				_t187 = ( >=  ? _t291 :  &_v96) - _t277;
                                                                                                                                                                                                    				if (( >=  ? _t291 :  &_v96) - _t277 > 0) goto 0xb0a9eb69;
                                                                                                                                                                                                    				_t249 =  >=  ? _t291 :  &_v96;
                                                                                                                                                                                                    				_t250 = ( >=  ? _t291 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t189 = _t277 - ( >=  ? _t291 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t277 - ( >=  ? _t291 :  &_v96) + _v80 <= 0) goto 0xb0a9eb80;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0xb0a9ebb7;
                                                                                                                                                                                                    				_t253 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t254 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t192 = _t277 - ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t192 < 0) goto 0xb0a9ebb7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t293 = _v96;
                                                                                                                                                                                                    				_t333 = _v120 - _t277;
                                                                                                                                                                                                    				if (_t192 == 0) goto 0xb0a9ec70;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9ebd5;
                                                                                                                                                                                                    				if (_t293 == 0) goto 0xb0a9ec01;
                                                                                                                                                                                                    				goto 0xb0a9ebda;
                                                                                                                                                                                                    				_t279 =  &_v96;
                                                                                                                                                                                                    				_t256 =  >=  ? _t293 :  &_v96;
                                                                                                                                                                                                    				_t196 = ( >=  ? _t293 :  &_v96) - _t279;
                                                                                                                                                                                                    				if (( >=  ? _t293 :  &_v96) - _t279 > 0) goto 0xb0a9ec01;
                                                                                                                                                                                                    				_t258 =  >=  ? _t293 :  &_v96;
                                                                                                                                                                                                    				_t259 = ( >=  ? _t293 :  &_v96) + _v80;
                                                                                                                                                                                                    				_t198 = _t279 - ( >=  ? _t293 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t279 - ( >=  ? _t293 :  &_v96) + _v80 <= 0) goto 0xb0a9ec18;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( &_v104 == 0xfffffffc) goto 0xb0a9ec3d;
                                                                                                                                                                                                    				_t262 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				_t263 = ( >=  ? _v96 :  &_v96) + _v80;
                                                                                                                                                                                                    				if (_t279 - _t263 < 0) goto 0xb0a9ec3d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t359 =  *((intOrPtr*)(_t361 + 0x88));
                                                                                                                                                                                                    				E00007FF67FF6B0AA5B14(_t279, _t279, _v72, _t333, _t344, _t333,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				if (_t333 != _t263) goto 0xb0a9ed83;
                                                                                                                                                                                                    				_t352 = _v80;
                                                                                                                                                                                                    				 *((char*)(_t361 + 0x79)) = 1;
                                                                                                                                                                                                    				if (_v128 !=  &_v136) goto 0xb0a9edab;
                                                                                                                                                                                                    				if (_t333 != 0) goto 0xb0a9e9c8;
                                                                                                                                                                                                    				if (_t352 - 0x20 >= 0) goto 0xb0a9ed9c;
                                                                                                                                                                                                    				if ((_t336 | 0xffffffffffffffff) - _t352 - 8 > 0) goto 0xb0a9ecbc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC((_t336 | 0xffffffffffffffff) - _t352, _t279, _t333, _t336 | 0xffffffffffffffff, _t352,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				_t84 = _v80 + 8; // 0x10
                                                                                                                                                                                                    				_t280 = _t84;
                                                                                                                                                                                                    				if (_t280 - 0xfffffffe <= 0) goto 0xb0a9ecdd;
                                                                                                                                                                                                    				_t133 = E00007FF67FF6B0AA33CC((_t336 | 0xffffffffffffffff) - _t352, _t280, _t333, _t336 | 0xffffffffffffffff, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				if (_v72 - _t280 >= 0) goto 0xb0a9ed03;
                                                                                                                                                                                                    				E00007FF67FF6B0A92250(_t133,  &_v104, _t280, _v80);
                                                                                                                                                                                                    				goto 0xb0a9ed34;
                                                                                                                                                                                                    				if (_t280 != 0) goto 0xb0a9ed34;
                                                                                                                                                                                                    				_v80 = _t362;
                                                                                                                                                                                                    				_t268 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				 *((intOrPtr*)( >=  ? _v96 :  &_v96)) = r15b;
                                                                                                                                                                                                    				_t301 = _v96;
                                                                                                                                                                                                    				goto 0xb0a9e9c8;
                                                                                                                                                                                                    				if (_t280 == 0) goto 0xb0a9e9c8;
                                                                                                                                                                                                    				_t270 =  >=  ? _t301 :  &_v96;
                                                                                                                                                                                                    				 *((long long*)(_v80 + ( >=  ? _t301 :  &_v96))) = _t301;
                                                                                                                                                                                                    				_v80 = _t280;
                                                                                                                                                                                                    				_t272 =  >=  ? _v96 :  &_v96;
                                                                                                                                                                                                    				 *((char*)(_t280 + ( >=  ? _v96 :  &_v96))) = 0;
                                                                                                                                                                                                    				_t328 = _v72;
                                                                                                                                                                                                    				_t357 = _v80;
                                                                                                                                                                                                    				goto 0xb0a9e9c8;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9ed98;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t344, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				if (_t328 - 0x10 < 0) goto 0xb0a9eda7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t344, _v80,  *((intOrPtr*)(_t361 + 0x88)));
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				if (_t328 - 0x10 < 0) goto 0xb0a9edb6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ? _v96 :  &_v96, _t280, _v96, _t328, _t335, _v80, _t359);
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				if (r13d != 3) goto 0xb0a9edf2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA68AC(_v136, _t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _v80);
                                                                                                                                                                                                    				_t156 =  !=  ? r13d :  !=  ? r13d : __ebp;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9edee;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _v80, _t359);
                                                                                                                                                                                                    				goto 0xb0a9ee09;
                                                                                                                                                                                                    				if (_v72 - 0x10 < 0) goto 0xb0a9ee07;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t272, _t280, _v96,  *((intOrPtr*)(_t361 + 0x88)), _t335, _t357, _t359);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_v136, _v64 ^  &_v144,  *((intOrPtr*)(_t361 + 0x88)), _t357, _t359);
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0a9ebf9
                                                                                                                                                                                                    0x7ff6b0a9ebfc
                                                                                                                                                                                                    0x7ff6b0a9ebff
                                                                                                                                                                                                    0x7ff6b0a9ec01
                                                                                                                                                                                                    0x7ff6b0a9ec21
                                                                                                                                                                                                    0x7ff6b0a9ec2c
                                                                                                                                                                                                    0x7ff6b0a9ec30
                                                                                                                                                                                                    0x7ff6b0a9ec36
                                                                                                                                                                                                    0x7ff6b0a9ec38
                                                                                                                                                                                                    0x7ff6b0a9ec3d
                                                                                                                                                                                                    0x7ff6b0a9ec50
                                                                                                                                                                                                    0x7ff6b0a9ec58
                                                                                                                                                                                                    0x7ff6b0a9ec66
                                                                                                                                                                                                    0x7ff6b0a9ec70
                                                                                                                                                                                                    0x7ff6b0a9ec80
                                                                                                                                                                                                    0x7ff6b0a9ec89
                                                                                                                                                                                                    0x7ff6b0a9ec93
                                                                                                                                                                                                    0x7ff6b0a9eca3
                                                                                                                                                                                                    0x7ff6b0a9eca5
                                                                                                                                                                                                    0x7ff6b0a9ecbc
                                                                                                                                                                                                    0x7ff6b0a9ecbc
                                                                                                                                                                                                    0x7ff6b0a9ecc4
                                                                                                                                                                                                    0x7ff6b0a9ecc6
                                                                                                                                                                                                    0x7ff6b0a9ece0
                                                                                                                                                                                                    0x7ff6b0a9ecea
                                                                                                                                                                                                    0x7ff6b0a9ed01
                                                                                                                                                                                                    0x7ff6b0a9ed06
                                                                                                                                                                                                    0x7ff6b0a9ed08
                                                                                                                                                                                                    0x7ff6b0a9ed16
                                                                                                                                                                                                    0x7ff6b0a9ed1a
                                                                                                                                                                                                    0x7ff6b0a9ed2a
                                                                                                                                                                                                    0x7ff6b0a9ed2f
                                                                                                                                                                                                    0x7ff6b0a9ed37
                                                                                                                                                                                                    0x7ff6b0a9ed46
                                                                                                                                                                                                    0x7ff6b0a9ed4c
                                                                                                                                                                                                    0x7ff6b0a9ed50
                                                                                                                                                                                                    0x7ff6b0a9ed63
                                                                                                                                                                                                    0x7ff6b0a9ed69
                                                                                                                                                                                                    0x7ff6b0a9ed6c
                                                                                                                                                                                                    0x7ff6b0a9ed74
                                                                                                                                                                                                    0x7ff6b0a9ed7e
                                                                                                                                                                                                    0x7ff6b0a9ed8c
                                                                                                                                                                                                    0x7ff6b0a9ed93
                                                                                                                                                                                                    0x7ff6b0a9ed9a
                                                                                                                                                                                                    0x7ff6b0a9eda0
                                                                                                                                                                                                    0x7ff6b0a9eda2
                                                                                                                                                                                                    0x7ff6b0a9eda9
                                                                                                                                                                                                    0x7ff6b0a9edaf
                                                                                                                                                                                                    0x7ff6b0a9edb1
                                                                                                                                                                                                    0x7ff6b0a9edb9
                                                                                                                                                                                                    0x7ff6b0a9edbe
                                                                                                                                                                                                    0x7ff6b0a9edcd
                                                                                                                                                                                                    0x7ff6b0a9edd5
                                                                                                                                                                                                    0x7ff6b0a9ede2
                                                                                                                                                                                                    0x7ff6b0a9ede9
                                                                                                                                                                                                    0x7ff6b0a9edf0
                                                                                                                                                                                                    0x7ff6b0a9edfb
                                                                                                                                                                                                    0x7ff6b0a9ee02
                                                                                                                                                                                                    0x7ff6b0a9ee33

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9d40a9783c5088da7ce004c666f8bdd368779f830e9e7fa24a0836714183e228
                                                                                                                                                                                                    • Instruction ID: b7b27e1105d43b3b6b11db75ff68d3e07e1e95d998365e8a5ba978568ce92396
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d40a9783c5088da7ce004c666f8bdd368779f830e9e7fa24a0836714183e228
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACE1566370CB41A1EE50DA19D05436E6B51FB857E0F944A32EB9E82BEBDF2DE484C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF67FF6B0A9FB00(void* __edx, long long __rbx, long long __rcx, long long __rdx, long long __rsi) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t197;
                                                                                                                                                                                                    				signed long long _t198;
                                                                                                                                                                                                    				signed long long _t223;
                                                                                                                                                                                                    				void* _t233;
                                                                                                                                                                                                    				void* _t235;
                                                                                                                                                                                                    				void* _t237;
                                                                                                                                                                                                    				long long _t239;
                                                                                                                                                                                                    				long long _t280;
                                                                                                                                                                                                    				void* _t282;
                                                                                                                                                                                                    				void* _t284;
                                                                                                                                                                                                    				long long _t288;
                                                                                                                                                                                                    				long long _t289;
                                                                                                                                                                                                    				void* _t291;
                                                                                                                                                                                                    				signed long long _t292;
                                                                                                                                                                                                    				intOrPtr _t294;
                                                                                                                                                                                                    				intOrPtr _t296;
                                                                                                                                                                                                    				intOrPtr _t299;
                                                                                                                                                                                                    				intOrPtr _t301;
                                                                                                                                                                                                    				intOrPtr _t326;
                                                                                                                                                                                                    				long long _t328;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t197 = _t291;
                                                                                                                                                                                                    				_t292 = _t291 - 0x70;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x38)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x18)) = _t288;
                                                                                                                                                                                                    				 *((long long*)(_t197 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_t198 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				 *(_t292 + 0x68) = _t198 ^ _t292;
                                                                                                                                                                                                    				_t289 = __rcx;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x70)) == 0) goto 0xb0a9ff52;
                                                                                                                                                                                                    				if ( *((char*)(__rcx + 0x79)) == 0) goto 0xb0a9ff52;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 8))() != 0xffffffff) goto 0xb0a9fb5d;
                                                                                                                                                                                                    				goto 0xb0a9ff54;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x60)) = __rdx;
                                                                                                                                                                                                    				 *((char*)(_t292 + 0x48)) = 0;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x48)) = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = 8;
                                                                                                                                                                                                    				_t202 =  >=  ? __rcx : _t292 + 0x48;
                                                                                                                                                                                                    				 *((char*)(( >=  ? __rcx : _t292 + 0x48) + 8)) = 0;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_t294 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9fbb0;
                                                                                                                                                                                                    				if (_t294 == 0) goto 0xb0a9fbe1;
                                                                                                                                                                                                    				goto 0xb0a9fbb5;
                                                                                                                                                                                                    				_t282 = _t292 + 0x48;
                                                                                                                                                                                                    				_t204 =  >=  ? _t294 : _t292 + 0x48;
                                                                                                                                                                                                    				_t147 = ( >=  ? _t294 : _t292 + 0x48) - _t282;
                                                                                                                                                                                                    				if (( >=  ? _t294 : _t292 + 0x48) - _t282 > 0) goto 0xb0a9fbe1;
                                                                                                                                                                                                    				_t243 =  >=  ? _t294 : _t292 + 0x48;
                                                                                                                                                                                                    				_t244 = ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t149 = _t282 - ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t282 - ( >=  ? _t294 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0xb0a9fbf0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0xb0a9fc24;
                                                                                                                                                                                                    				_t246 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t247 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t152 = _t282 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t282 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) < 0) goto 0xb0a9fc24;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t296 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				_t286 =  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9fc39;
                                                                                                                                                                                                    				if (_t296 == 0) goto 0xb0a9fc6a;
                                                                                                                                                                                                    				goto 0xb0a9fc3e;
                                                                                                                                                                                                    				_t233 = _t292 + 0x48;
                                                                                                                                                                                                    				_t209 =  >=  ? _t296 : _t292 + 0x48;
                                                                                                                                                                                                    				_t156 = ( >=  ? _t296 : _t292 + 0x48) - _t233;
                                                                                                                                                                                                    				if (( >=  ? _t296 : _t292 + 0x48) - _t233 > 0) goto 0xb0a9fc6a;
                                                                                                                                                                                                    				_t249 =  >=  ? _t296 : _t292 + 0x48;
                                                                                                                                                                                                    				_t250 = ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t158 = _t233 - ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t233 - ( >=  ? _t296 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0xb0a9fc79;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0xb0a9fca3;
                                                                                                                                                                                                    				_t252 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t253 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t161 = _t233 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t233 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) < 0) goto 0xb0a9fca3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x20)) = _t292 + 0x30;
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x70)))) + 0x30))();
                                                                                                                                                                                                    				if (_t162 == 0) goto 0xb0a9fcd1;
                                                                                                                                                                                                    				if (_t162 != 0) goto 0xb0a9fef9;
                                                                                                                                                                                                    				goto 0xb0a9fcd5;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx + 0x79)) = r13b;
                                                                                                                                                                                                    				_t299 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9fcef;
                                                                                                                                                                                                    				if (_t299 == 0) goto 0xb0a9fd20;
                                                                                                                                                                                                    				goto 0xb0a9fcf4;
                                                                                                                                                                                                    				_t235 = _t292 + 0x48;
                                                                                                                                                                                                    				_t215 =  >=  ? _t299 : _t292 + 0x48;
                                                                                                                                                                                                    				_t166 = ( >=  ? _t299 : _t292 + 0x48) - _t235;
                                                                                                                                                                                                    				if (( >=  ? _t299 : _t292 + 0x48) - _t235 > 0) goto 0xb0a9fd20;
                                                                                                                                                                                                    				_t256 =  >=  ? _t299 : _t292 + 0x48;
                                                                                                                                                                                                    				_t257 = ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t168 = _t235 - ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t235 - ( >=  ? _t299 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0xb0a9fd2f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0xb0a9fd63;
                                                                                                                                                                                                    				_t259 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t260 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t171 = _t235 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t171 < 0) goto 0xb0a9fd63;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t301 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				_t284 =  *((intOrPtr*)(_t292 + 0x30)) - _t235;
                                                                                                                                                                                                    				if (_t171 == 0) goto 0xb0a9fe15;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9fd81;
                                                                                                                                                                                                    				if (_t301 == 0) goto 0xb0a9fdb2;
                                                                                                                                                                                                    				goto 0xb0a9fd86;
                                                                                                                                                                                                    				_t237 = _t292 + 0x48;
                                                                                                                                                                                                    				_t220 =  >=  ? _t301 : _t292 + 0x48;
                                                                                                                                                                                                    				_t175 = ( >=  ? _t301 : _t292 + 0x48) - _t237;
                                                                                                                                                                                                    				if (( >=  ? _t301 : _t292 + 0x48) - _t237 > 0) goto 0xb0a9fdb2;
                                                                                                                                                                                                    				_t262 =  >=  ? _t301 : _t292 + 0x48;
                                                                                                                                                                                                    				_t263 = ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t177 = _t237 - ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				if (_t237 - ( >=  ? _t301 : _t292 + 0x48) +  *((intOrPtr*)(_t292 + 0x58)) <= 0) goto 0xb0a9fdc1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t292 + 0x40 == 0xfffffffc) goto 0xb0a9fdeb;
                                                                                                                                                                                                    				_t278 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				_t223 =  *((intOrPtr*)(_t292 + 0x58));
                                                                                                                                                                                                    				_t279 = ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223;
                                                                                                                                                                                                    				_t180 = _t237 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223;
                                                                                                                                                                                                    				if (_t237 - ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223 < 0) goto 0xb0a9fdeb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AA5B14(_t237, _t237, ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48) + _t223, _t284,  *((intOrPtr*)(_t292 + 0x58)), _t284,  *((intOrPtr*)(__rcx + 0x88)));
                                                                                                                                                                                                    				if (_t284 != _t223) goto 0xb0a9ff2a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t289 + 0x79)) == r13b) goto 0xb0a9ff40;
                                                                                                                                                                                                    				if (_t284 != 0) goto 0xb0a9fba0;
                                                                                                                                                                                                    				if ((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)) - 8 > 0) goto 0xb0a9fe46;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)), _t237, _t284, _t289,  *((intOrPtr*)(_t292 + 0x48)),  *((intOrPtr*)(_t292 + 0x60)));
                                                                                                                                                                                                    				_t239 =  *((intOrPtr*)(_t292 + 0x58)) + 8;
                                                                                                                                                                                                    				if (_t239 - 0xfffffffe <= 0) goto 0xb0a9fe64;
                                                                                                                                                                                                    				_t121 = E00007FF67FF6B0AA33CC((_t223 | 0xffffffff) -  *((intOrPtr*)(_t292 + 0x58)), _t239, _t284, _t289,  *((intOrPtr*)(_t292 + 0x48)),  *((intOrPtr*)(_t292 + 0x60)));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t292 + 0x60)) - _t239 >= 0) goto 0xb0a9fe87;
                                                                                                                                                                                                    				_t280 = _t239;
                                                                                                                                                                                                    				E00007FF67FF6B0A92250(_t121, _t292 + 0x40, _t280,  *((intOrPtr*)(_t292 + 0x58)));
                                                                                                                                                                                                    				goto 0xb0a9feb0;
                                                                                                                                                                                                    				if (_t239 != 0) goto 0xb0a9feb0;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = _t328;
                                                                                                                                                                                                    				_t227 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((intOrPtr*)( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48)) = r13b;
                                                                                                                                                                                                    				goto 0xb0a9fba0;
                                                                                                                                                                                                    				if (_t239 == 0) goto 0xb0a9fba0;
                                                                                                                                                                                                    				_t267 =  >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_t292 + 0x58)) + ( >=  ?  *((intOrPtr*)(_t292 + 0x48)) : _t292 + 0x48))) = _t280;
                                                                                                                                                                                                    				 *((long long*)(_t292 + 0x58)) = _t239;
                                                                                                                                                                                                    				_t230 =  >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48;
                                                                                                                                                                                                    				 *((char*)(_t239 + ( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48))) = 0;
                                                                                                                                                                                                    				_t326 =  *((intOrPtr*)(_t292 + 0x60));
                                                                                                                                                                                                    				_t310 =  *((intOrPtr*)(_t292 + 0x48));
                                                                                                                                                                                                    				goto 0xb0a9fba0;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) == 0x10) goto 0xb0a9ff14;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9ff10;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280,  *((intOrPtr*)(_t292 + 0x58)),  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0xb0a9ff54;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9ff26;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( >=  ?  *((void*)(_t292 + 0x48)) : _t292 + 0x48, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280,  *((intOrPtr*)(_t292 + 0x58)),  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0xb0a9ff54;
                                                                                                                                                                                                    				if ( *((long long*)(_t292 + 0x60)) - 0x10 < 0) goto 0xb0a9ff3c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t230, _t239,  *((intOrPtr*)(_t292 + 0x48)), _t280, _t286,  *((intOrPtr*)(_t292 + 0x48)), _t326);
                                                                                                                                                                                                    				goto 0xb0a9ff54;
                                                                                                                                                                                                    				if (_t326 - 0x10 < 0) goto 0xb0a9ff4e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t230, _t239, _t310, _t280, _t286, _t310, _t326);
                                                                                                                                                                                                    				goto 0xb0a9ff54;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(0,  *(_t292 + 0x68) ^ _t292, _t280, _t310, _t326);
                                                                                                                                                                                                    			}




























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: bb00c0e8b7afb0c2600c17caa4aa4b149fb672f7b61d2350a14f23c70e491a44
                                                                                                                                                                                                    • Instruction ID: 133cacf73eeb2bd1e532152f6f4f86a195958035caab46fa3df12bd95a35208f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb00c0e8b7afb0c2600c17caa4aa4b149fb672f7b61d2350a14f23c70e491a44
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BC1672370CB8591EE049F9DE0501A9AB61EB867E4FA40932FB5D43BE7DF6DD4848710
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0A9BC70(intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rbp, intOrPtr* __r8, intOrPtr* __r9, long long __r12, long long __r13, long long __r15, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                    				intOrPtr _t103;
                                                                                                                                                                                                    				long long _t107;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				intOrPtr _t109;
                                                                                                                                                                                                    				intOrPtr _t120;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				unsigned long long _t139;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(__rcx)) =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((long long*)(__rdx + 0x38)) == 0) goto 0xb0a9be4a;
                                                                                                                                                                                                    				_v40 = __r15;
                                                                                                                                                                                                    				_a8 = __rbp;
                                                                                                                                                                                                    				_a16 = __rdi;
                                                                                                                                                                                                    				_a24 = __r12;
                                                                                                                                                                                                    				r15d = 0;
                                                                                                                                                                                                    				_v32 = __r13;
                                                                                                                                                                                                    				_t89 =  *__rcx;
                                                                                                                                                                                                    				if (_t89 == 0xfffffffc) goto 0xb0a9bccf;
                                                                                                                                                                                                    				if (_t89 == 0) goto 0xb0a9bcca;
                                                                                                                                                                                                    				if (_t89 ==  *__r9) goto 0xb0a9bccf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0xb0a9be25;
                                                                                                                                                                                                    				_t131 =  *((intOrPtr*)(__rdx + 0x30));
                                                                                                                                                                                                    				if (_t131 -  *((intOrPtr*)(__rdx + 0x38)) + _t131 <= 0) goto 0xb0a9bcf2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t126 =  *((intOrPtr*)(__rdx));
                                                                                                                                                                                                    				_t139 = _t131 >> 3;
                                                                                                                                                                                                    				r13d = r13d & 0x00000007;
                                                                                                                                                                                                    				if (_t126 != 0) goto 0xb0a9bd15;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0a9bd1b;
                                                                                                                                                                                                    				if (_t131 -  *((intOrPtr*)( *_t126 + 0x38)) +  *((intOrPtr*)( *_t126 + 0x30)) < 0) goto 0xb0a9bd2d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t126 == 0) goto 0xb0a9bd37;
                                                                                                                                                                                                    				goto 0xb0a9bd3a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r15 + 0x28)) - _t139 > 0) goto 0xb0a9bd51;
                                                                                                                                                                                                    				if (_t126 == 0) goto 0xb0a9bd4a;
                                                                                                                                                                                                    				goto 0xb0a9bd4d;
                                                                                                                                                                                                    				if (_t126 == 0) goto 0xb0a9bd5b;
                                                                                                                                                                                                    				goto 0xb0a9bd5e;
                                                                                                                                                                                                    				_t102 =  *__rcx;
                                                                                                                                                                                                    				if (_t102 == 0xfffffffc) goto 0xb0a9bda0;
                                                                                                                                                                                                    				if (_t102 != 0) goto 0xb0a9bd79;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t103 =  *__rcx;
                                                                                                                                                                                                    				if ( *((long long*)(_t103 + 0x20)) - 8 < 0) goto 0xb0a9bd89;
                                                                                                                                                                                                    				goto 0xb0a9bd8d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) - _t103 + 8 +  *(_t103 + 0x18) * 2 < 0) goto 0xb0a9bda0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((short*)( *((intOrPtr*)(__rcx + 8)))) =  *( *((intOrPtr*)( *((intOrPtr*)(__r15 + 0x20)) + (_t139 -  *((intOrPtr*)(__r15 + 0x28))) * 8)) + _t131 * 2) & 0x0000ffff;
                                                                                                                                                                                                    				_t120 =  *((intOrPtr*)(__rdx + 0x38));
                                                                                                                                                                                                    				if (_t120 == 0) goto 0xb0a9bddc;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) =  *((long long*)(__rdx + 0x30)) + 1;
                                                                                                                                                                                                    				if ( *(__rdx + 0x28) << 3 -  *((intOrPtr*)(__rdx + 0x30)) > 0) goto 0xb0a9bdcb;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) = __r15;
                                                                                                                                                                                                    				_t36 = _t120 - 1; // -1
                                                                                                                                                                                                    				_t107 = _t36;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x38)) = _t107;
                                                                                                                                                                                                    				if (_t107 != 0) goto 0xb0a9bddc;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x30)) = __r15;
                                                                                                                                                                                                    				_t108 =  *__rcx;
                                                                                                                                                                                                    				if (_t108 == 0xfffffffc) goto 0xb0a9be16;
                                                                                                                                                                                                    				if (_t108 != 0) goto 0xb0a9bdef;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t109 =  *__rcx;
                                                                                                                                                                                                    				if ( *((long long*)(_t109 + 0x20)) - 8 < 0) goto 0xb0a9bdff;
                                                                                                                                                                                                    				goto 0xb0a9be03;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) - _t109 + 8 +  *(_t109 + 0x18) * 2 < 0) goto 0xb0a9be16;
                                                                                                                                                                                                    				_t62 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) =  *((long long*)(__rcx + 8)) + 2;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rdx + 0x38)) != __r15) goto 0xb0a9bcb7;
                                                                                                                                                                                                    				return _t62;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    0x7ff6b0a9bdef
                                                                                                                                                                                                    0x7ff6b0a9bdf7
                                                                                                                                                                                                    0x7ff6b0a9bdfd
                                                                                                                                                                                                    0x7ff6b0a9be0f
                                                                                                                                                                                                    0x7ff6b0a9be11
                                                                                                                                                                                                    0x7ff6b0a9be16
                                                                                                                                                                                                    0x7ff6b0a9be1f
                                                                                                                                                                                                    0x7ff6b0a9be49

APIs
Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 22a5dda9e8a811af525db2b3f1416110af8d8fcdbcad987767e050683361c72f
• Instruction ID: 2ccd09cafc5e533b3d13f7f0ca6466ffceaa890e6f36d2e79d29e1ed04877992
• Opcode Fuzzy Hash: 22a5dda9e8a811af525db2b3f1416110af8d8fcdbcad987767e050683361c72f
• Instruction Fuzzy Hash: 74516D23729B4592DB609B1AD280268ABA4FB44FA4F584A31DF5D877E6CF3DE851C310
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                                                    			E00007FF67FF6B0A9A9F0(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rsi, intOrPtr* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                                                    				long long* _t102;
                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                    				intOrPtr* _t116;
                                                                                                                                                                                                    				signed short* _t120;
                                                                                                                                                                                                    				long long _t123;
                                                                                                                                                                                                    				intOrPtr _t124;
                                                                                                                                                                                                    				void* _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				intOrPtr _t138;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t126 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x10)) = _t123;
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t127 = _t126 - 0x40;
                                                                                                                                                                                                    				_t102 = _t127 + 0x20;
                                                                                                                                                                                                    				 *_t102 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t102 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t124 =  *((intOrPtr*)(_t127 + 0x20));
                                                                                                                                                                                                    				_t138 =  *((intOrPtr*)(_t127 + 0x28));
                                                                                                                                                                                                    				if (_t124 == 0xfffffffc) goto 0xb0a9aa48;
                                                                                                                                                                                                    				if (_t124 == 0) goto 0xb0a9aa43;
                                                                                                                                                                                                    				if (_t124 ==  *((intOrPtr*)(__r9))) goto 0xb0a9aa48;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t138 ==  *((intOrPtr*)(__r9 + 8))) goto 0xb0a9ab89;
                                                                                                                                                                                                    				_t120 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if (_t120 ==  *((intOrPtr*)(__rcx + 8))) goto 0xb0a9ab89;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t99 =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				_t116 =  *((intOrPtr*)(_t127 + 0x38));
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0xb0a9aa8c;
                                                                                                                                                                                                    				if (_t99 == 0) goto 0xb0a9aa87;
                                                                                                                                                                                                    				if (_t99 ==  *((intOrPtr*)(__r9))) goto 0xb0a9aa8c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t116 ==  *((intOrPtr*)(__r9 + 8))) goto 0xb0a9ab18;
                                                                                                                                                                                                    				if (_t120 ==  *((intOrPtr*)(__rcx + 8))) goto 0xb0a9ab18;
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0xb0a9aad0;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0a9aaad;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t99 + 0x20)) - 8 < 0) goto 0xb0a9aaba;
                                                                                                                                                                                                    				goto 0xb0a9aabe;
                                                                                                                                                                                                    				if (_t116 - _t99 + 8 +  *(_t99 + 0x18) * 2 < 0) goto 0xb0a9aad0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *_t116 != ( *_t120 & 0x0000ffff)) goto 0xb0a9ab18;
                                                                                                                                                                                                    				if (_t99 == 0xfffffffc) goto 0xb0a9ab0b;
                                                                                                                                                                                                    				if (_t99 != 0) goto 0xb0a9aae8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t99 + 0x20)) - 8 < 0) goto 0xb0a9aaf5;
                                                                                                                                                                                                    				goto 0xb0a9aaf9;
                                                                                                                                                                                                    				if (_t116 - _t99 + 8 +  *(_t99 + 0x18) * 2 < 0) goto 0xb0a9ab0b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0a9aa76;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x38)) = _t116 + 2;
                                                                                                                                                                                                    				if ( &(_t120[1]) ==  *((intOrPtr*)(__rcx + 8))) goto 0xb0a9ab64;
                                                                                                                                                                                                    				if (_t124 == 0xfffffffc) goto 0xb0a9ab56;
                                                                                                                                                                                                    				if (_t124 != 0) goto 0xb0a9ab33;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t124 + 0x20)) - 8 < 0) goto 0xb0a9ab40;
                                                                                                                                                                                                    				goto 0xb0a9ab44;
                                                                                                                                                                                                    				if (_t138 - _t124 + 8 +  *(_t124 + 0x18) * 2 < 0) goto 0xb0a9ab56;
                                                                                                                                                                                                    				_t58 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x28)) = _t138 + 2;
                                                                                                                                                                                                    				goto 0xb0a9aa32;
                                                                                                                                                                                                    				_t112 = _t127 + 0x20;
                                                                                                                                                                                                    				 *__rdx =  *_t112;
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(_t112 + 8));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x10)) =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				goto 0xb0a9aba6;
                                                                                                                                                                                                    				 *__rdx =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 8)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x10)) =  *((intOrPtr*)(__r9));
                                                                                                                                                                                                    				 *((long long*)(__rdx + 0x18)) =  *((intOrPtr*)(__r9 + 8));
                                                                                                                                                                                                    				return _t58;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x7ff6b0a9aacb
                                                                                                                                                                                                    0x7ff6b0a9aad6
                                                                                                                                                                                                    0x7ff6b0a9aadc
                                                                                                                                                                                                    0x7ff6b0a9aae1
                                                                                                                                                                                                    0x7ff6b0a9aae3
                                                                                                                                                                                                    0x7ff6b0a9aaed
                                                                                                                                                                                                    0x7ff6b0a9aaf3
                                                                                                                                                                                                    0x7ff6b0a9ab04
                                                                                                                                                                                                    0x7ff6b0a9ab06
                                                                                                                                                                                                    0x7ff6b0a9ab13
                                                                                                                                                                                                    0x7ff6b0a9ab18
                                                                                                                                                                                                    0x7ff6b0a9ab21
                                                                                                                                                                                                    0x7ff6b0a9ab27
                                                                                                                                                                                                    0x7ff6b0a9ab2c
                                                                                                                                                                                                    0x7ff6b0a9ab2e
                                                                                                                                                                                                    0x7ff6b0a9ab38
                                                                                                                                                                                                    0x7ff6b0a9ab3e
                                                                                                                                                                                                    0x7ff6b0a9ab4f
                                                                                                                                                                                                    0x7ff6b0a9ab51
                                                                                                                                                                                                    0x7ff6b0a9ab5a
                                                                                                                                                                                                    0x7ff6b0a9ab5f
                                                                                                                                                                                                    0x7ff6b0a9ab64
                                                                                                                                                                                                    0x7ff6b0a9ab6c
                                                                                                                                                                                                    0x7ff6b0a9ab78
                                                                                                                                                                                                    0x7ff6b0a9ab7f
                                                                                                                                                                                                    0x7ff6b0a9ab87
                                                                                                                                                                                                    0x7ff6b0a9ab8d
                                                                                                                                                                                                    0x7ff6b0a9ab95
                                                                                                                                                                                                    0x7ff6b0a9ab9d
                                                                                                                                                                                                    0x7ff6b0a9abb8
                                                                                                                                                                                                    0x7ff6b0a9abcc

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: c39085dac5a8c37aa111a4ee3f5df2e94acb3f7c8a7dde8f4e7502a9263f1198
                                                                                                                                                                                                    • Instruction ID: b66278ef72a8cea7219877fb9a11559ac40c5ed88f7f0ec1feb9e7dae5f4ed8f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c39085dac5a8c37aa111a4ee3f5df2e94acb3f7c8a7dde8f4e7502a9263f1198
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15519223B09A45A2DA509F1DE0441797BA4FB687A4F154733EBAC837D6DF39E881C390
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                                                                    			E00007FF67FF6B0A94D20(intOrPtr* __rcx, void* __rdx, char _a24) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				intOrPtr _t21;
                                                                                                                                                                                                    				long long _t25;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a24 = r8b;
                                                                                                                                                                                                    				_t25 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t21 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				_a24 = 0;
                                                                                                                                                                                                    				if (_t25 - _t21 - __rdx >= 0) goto 0xb0a94d93;
                                                                                                                                                                                                    				if (_t21 - _t25 <= 0) goto 0xb0a94d55;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v32 = _t25;
                                                                                                                                                                                                    				_v40 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x20], xmm0");
                                                                                                                                                                                                    				return E00007FF67FF6B0A953A0(__rcx, __rcx,  &_v40, _t25,  *((intOrPtr*)(__rcx + 0x18)) -  *((intOrPtr*)(__rcx + 0x20)) + __rdx,  &_a24);
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 1051cff0eb89c7fb68da50a8adb59ec4bf6f1c5a90234f486663dca69e2acc4d
                                                                                                                                                                                                    • Instruction ID: 8378fbea90b55aaea46c3ce073b41427473b411ffb99d82d558cf0be783a9324
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1051cff0eb89c7fb68da50a8adb59ec4bf6f1c5a90234f486663dca69e2acc4d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD419967B08A8196E620AF28E1005BDAB99FB48BC4F540931EF8C5778BDF3DE451C350
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF67FF6B0AB4E0C(void* __ebx, signed int __ecx, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				signed long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				void* _t47;
                                                                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                                                                    				signed long long _t54;
                                                                                                                                                                                                    				signed long long _t55;
                                                                                                                                                                                                    				signed long long _t63;
                                                                                                                                                                                                    				signed long long _t65;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				signed long long _t78;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t74 = __r8;
                                                                                                                                                                                                    				_t70 = __rbp;
                                                                                                                                                                                                    				_t60 = __rcx;
                                                                                                                                                                                                    				_t30 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t76 = __rdx;
                                                                                                                                                                                                    				_t58 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0xb0ab4e52;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab4f2b;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0xb0ab4f01;
                                                                                                                                                                                                    				_t47 = _t30 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t47 >= 0) goto 0xb0ab4f01;
                                                                                                                                                                                                    				_t78 = __ecx >> 5;
                                                                                                                                                                                                    				_t68 = __ecx * 0x58;
                                                                                                                                                                                                    				_t52 =  *((intOrPtr*)(0xb0ae89e0 + _t78 * 8));
                                                                                                                                                                                                    				if (_t47 != 0) goto 0xb0ab4eba;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t52);
                                                                                                                                                                                                    				 *_t52 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t52);
                                                                                                                                                                                                    				 *_t52 = 9;
                                                                                                                                                                                                    				_v56 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t52, __ecx, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab4f2b;
                                                                                                                                                                                                    				E00007FF67FF6B0AB593C(_t30, _t30, _t58, _t63, _t68, _t75);
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(0xb0ae89e0 + _t78 * 8));
                                                                                                                                                                                                    				if (( *(_t54 + _t68 + 8) & 0x00000001) == 0) goto 0xb0ab4edf;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				E00007FF67FF6B0AB4D74(_t30, _t30, _t54, _t58, _t76);
                                                                                                                                                                                                    				goto 0xb0ab4ef5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t54);
                                                                                                                                                                                                    				 *_t54 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t54);
                                                                                                                                                                                                    				 *_t54 = 0;
                                                                                                                                                                                                    				_t65 = _t54 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				_t55 = _t65;
                                                                                                                                                                                                    				goto 0xb0ab4f2b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t55);
                                                                                                                                                                                                    				 *_t55 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t55);
                                                                                                                                                                                                    				 *_t55 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t55, _t58, _t60, _t76, _t68, _t70, _t74);
                                                                                                                                                                                                    			}


















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: fd70bf307f78bc1a0b30db4c381cd12ef6fe9862424e331efe26ad2a528cd58b
                                                                                                                                                                                                    • Instruction ID: 78db8961a2ab1eb9e93a650755e6d4076ef0ca75a414328e53540ac6224a9e4b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd70bf307f78bc1a0b30db4c381cd12ef6fe9862424e331efe26ad2a528cd58b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0318B23A18656A1E6116F39AC4167E7E55AB80BB0F259B35EB3987BD3CE3CA4418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                                                                    			E00007FF67FF6B0AB1650(void* __ebx, signed int __ecx, signed int __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, void* __r11, signed int _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed int _t47;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				signed int* _t57;
                                                                                                                                                                                                    				signed int* _t58;
                                                                                                                                                                                                    				long long _t65;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t76;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    				signed long long _t79;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t75 = __r11;
                                                                                                                                                                                                    				_t74 = __r8;
                                                                                                                                                                                                    				_t70 = __rbp;
                                                                                                                                                                                                    				_t62 = __rcx;
                                                                                                                                                                                                    				_t34 = __ebx;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				r12d = r8d;
                                                                                                                                                                                                    				_t77 = __rdx;
                                                                                                                                                                                                    				_t60 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0xb0ab1695;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab1769;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0xb0ab1740;
                                                                                                                                                                                                    				_t53 = _t34 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t53 >= 0) goto 0xb0ab1740;
                                                                                                                                                                                                    				_t79 = __ecx >> 5;
                                                                                                                                                                                                    				_t68 = __ecx * 0x58;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0xb0ae89e0 + _t79 * 8));
                                                                                                                                                                                                    				if (_t53 != 0) goto 0xb0ab16fc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t57);
                                                                                                                                                                                                    				 *_t57 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t57, __ecx, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab1769;
                                                                                                                                                                                                    				E00007FF67FF6B0AB593C(_t34, _t34, _t60, _t65, _t68, _t76);
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(0xb0ae89e0 + _t79 * 8));
                                                                                                                                                                                                    				if (( *(_t58 + _t68 + 8) & 0x00000001) == 0) goto 0xb0ab1720;
                                                                                                                                                                                                    				r8d = r12d;
                                                                                                                                                                                                    				_t47 = E00007FF67FF6B0AB0EF0(_t34, _t34, __esi & 0x0000001f, _t58, _t60, _t62, _t77, _t74, _t75);
                                                                                                                                                                                                    				goto 0xb0ab1735;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t58);
                                                                                                                                                                                                    				 *_t58 = _t47;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				goto 0xb0ab1769;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t58);
                                                                                                                                                                                                    				 *_t58 = _t47 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				_v56 = _t65;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t58, _t60, _t62, _t77, _t68, _t70, _t74) | 0xffffffff;
                                                                                                                                                                                                    			}


















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 3340a66846d07b0f9e714060594e045375b321804dd7a017f53166dadd991860
                                                                                                                                                                                                    • Instruction ID: 31e767c729a028083fb49784ccecf09864cde411df94d0916a0b542f045e6735
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3340a66846d07b0f9e714060594e045375b321804dd7a017f53166dadd991860
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE31C533E1824665E3115F39AC4167E3E51BB80790F658E35EB29877D3CE3CE4418B00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AB1A0C(void* __ebx, signed int __ecx, void* __esi, signed int* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __rbp, void* __r8, signed int _a8, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed int* _t56;
                                                                                                                                                                                                    				signed int* _t57;
                                                                                                                                                                                                    				long long _t63;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    				signed long long _t74;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t72 = __r8;
                                                                                                                                                                                                    				_t68 = __rbp;
                                                                                                                                                                                                    				_t62 = __rdx;
                                                                                                                                                                                                    				_t61 = __rcx;
                                                                                                                                                                                                    				_t33 = __ebx;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t59 = __ecx;
                                                                                                                                                                                                    				if (__ebx != 0xfffffffe) goto 0xb0ab1a47;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab1b10;
                                                                                                                                                                                                    				if (__ebx < 0) goto 0xb0ab1ae7;
                                                                                                                                                                                                    				_t52 = _t33 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0xb0ab1ae7;
                                                                                                                                                                                                    				_t74 = __ecx >> 5;
                                                                                                                                                                                                    				_t66 = __ecx * 0x58;
                                                                                                                                                                                                    				_t56 =  *((intOrPtr*)(0xb0ae89e0 + _t74 * 8));
                                                                                                                                                                                                    				if (_t52 != 0) goto 0xb0ab1aaf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t56);
                                                                                                                                                                                                    				 *_t56 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t56);
                                                                                                                                                                                                    				 *_t56 = 9;
                                                                                                                                                                                                    				_v40 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t56, __ecx, __rcx, __rdx, _t66, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab1b10;
                                                                                                                                                                                                    				E00007FF67FF6B0AB593C(_t33, _t33, _t59, _t63, _t66, _t74);
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0xb0ae89e0 + _t74 * 8));
                                                                                                                                                                                                    				if (( *(_t57 + _t66 + 8) & 0x00000001) == 0) goto 0xb0ab1ace;
                                                                                                                                                                                                    				_t26 = E00007FF67FF6B0AB1950(_t33, 0, _t57, _t59);
                                                                                                                                                                                                    				goto 0xb0ab1adc;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				goto 0xb0ab1b10;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t57);
                                                                                                                                                                                                    				 *_t57 = _t26 | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v40 = _t63;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t57, _t59, _t61, _t62, _t66, _t68, _t72) | 0xffffffff;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 45ca130e8ce689a6ec9fb1e7b1bd1d1e802a5172bf7414796e69646001ebef35
                                                                                                                                                                                                    • Instruction ID: 999cd58c8c483c5c084c49de37278c617e25d24e1bb1791d91940e8b8a94c3c9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45ca130e8ce689a6ec9fb1e7b1bd1d1e802a5172bf7414796e69646001ebef35
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F31B133E2868692E3115F79AC4263E3E51AF80790FA58E35EB29877D3CE3CB4418704
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF67FF6B0AA64C8(void* __eflags, long long __rbx, void* __rcx, long long __rdx, long long __rdi, long long __rsi, signed int** __r8) {
                                                                                                                                                                                                    				signed int _t59;
                                                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                                                    				void* _t79;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				void* _t123;
                                                                                                                                                                                                    				signed int _t129;
                                                                                                                                                                                                    				intOrPtr* _t140;
                                                                                                                                                                                                    				intOrPtr* _t141;
                                                                                                                                                                                                    				signed int* _t144;
                                                                                                                                                                                                    				signed int* _t145;
                                                                                                                                                                                                    				signed int* _t146;
                                                                                                                                                                                                    				signed int* _t149;
                                                                                                                                                                                                    				signed long long _t153;
                                                                                                                                                                                                    				long long _t161;
                                                                                                                                                                                                    				intOrPtr* _t163;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				intOrPtr _t169;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    				void* _t175;
                                                                                                                                                                                                    				signed int** _t176;
                                                                                                                                                                                                    				void* _t178;
                                                                                                                                                                                                    				signed int* _t179;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __rsi;
                                                                                                                                                                                                    				_t140 = _t163;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x10)) = _t161;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t140 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t164 = _t163 - 0x50;
                                                                                                                                                                                                    				_t179 = __rdx;
                                                                                                                                                                                                    				_t153 = _t140 - 0x38;
                                                                                                                                                                                                    				r12d = r9d;
                                                                                                                                                                                                    				_t176 = __r8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(_t140, _t153, __rcx);
                                                                                                                                                                                                    				if (__r8 == 0) goto 0xb0aa6503;
                                                                                                                                                                                                    				 *((long long*)(__r8)) = __rdx;
                                                                                                                                                                                                    				if (__rdx != 0) goto 0xb0aa6532;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t140);
                                                                                                                                                                                                    				 *(_t164 + 0x20) =  *(_t164 + 0x20) & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t140 = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t140, __rbx, _t153, __rcx, __rsi, _t161, __r8, _t178, _t175);
                                                                                                                                                                                                    				goto 0xb0aa671b;
                                                                                                                                                                                                    				if (r12d == 0) goto 0xb0aa6543;
                                                                                                                                                                                                    				if (r12d - 2 < 0) goto 0xb0aa6508;
                                                                                                                                                                                                    				if (r12d - 0x24 > 0) goto 0xb0aa6508;
                                                                                                                                                                                                    				bpl =  *_t179;
                                                                                                                                                                                                    				_t144 =  &(_t179[0]);
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x30)) + 0x10c)) - 1 <= 0) goto 0xb0aa6575;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFA5C(bpl & 0xffffffff, 8, 0,  *((intOrPtr*)( *((intOrPtr*)(_t164 + 0x30)) + 0x10c)) - 1, _t140, _t159, _t161, _t164 + 0x30, _t171);
                                                                                                                                                                                                    				_t169 =  *((intOrPtr*)(_t164 + 0x30));
                                                                                                                                                                                                    				goto 0xb0aa6587;
                                                                                                                                                                                                    				_t141 =  *((intOrPtr*)(_t169 + 0x140));
                                                                                                                                                                                                    				_t59 =  *(_t141 + _t153 * 2) & 8;
                                                                                                                                                                                                    				if (_t59 == 0) goto 0xb0aa6593;
                                                                                                                                                                                                    				bpl =  *_t144;
                                                                                                                                                                                                    				_t145 =  &(_t144[0]);
                                                                                                                                                                                                    				goto 0xb0aa6551;
                                                                                                                                                                                                    				if (bpl != 0x2d) goto 0xb0aa65a5;
                                                                                                                                                                                                    				goto 0xb0aa65ab;
                                                                                                                                                                                                    				if (bpl != 0x2b) goto 0xb0aa65b1;
                                                                                                                                                                                                    				bpl =  *_t145;
                                                                                                                                                                                                    				_t146 =  &(_t145[0]);
                                                                                                                                                                                                    				if (r12d < 0) goto 0xb0aa670d;
                                                                                                                                                                                                    				if (r12d == 1) goto 0xb0aa670d;
                                                                                                                                                                                                    				if (r12d - 0x24 > 0) goto 0xb0aa670d;
                                                                                                                                                                                                    				if (r12d != 0) goto 0xb0aa65fb;
                                                                                                                                                                                                    				if (bpl == 0x30) goto 0xb0aa65e1;
                                                                                                                                                                                                    				r12d = 0xa;
                                                                                                                                                                                                    				goto 0xb0aa6619;
                                                                                                                                                                                                    				if ( *_t146 == 0x78) goto 0xb0aa65f3;
                                                                                                                                                                                                    				if ( *_t146 == 0x58) goto 0xb0aa65f3;
                                                                                                                                                                                                    				r12d = 8;
                                                                                                                                                                                                    				goto 0xb0aa6619;
                                                                                                                                                                                                    				r12d = 0x10;
                                                                                                                                                                                                    				goto 0xb0aa6607;
                                                                                                                                                                                                    				if (r12d != 0x10) goto 0xb0aa6619;
                                                                                                                                                                                                    				if (bpl != 0x30) goto 0xb0aa6619;
                                                                                                                                                                                                    				if ( *_t146 == 0x78) goto 0xb0aa6611;
                                                                                                                                                                                                    				if ( *_t146 != 0x58) goto 0xb0aa6619;
                                                                                                                                                                                                    				bpl = _t146[0];
                                                                                                                                                                                                    				_t60 = _t59 | 0xffffffff;
                                                                                                                                                                                                    				r9d = _t60 / r12d;
                                                                                                                                                                                                    				r8d =  *( *((intOrPtr*)(_t169 + 0x140)) + _t153 * 2) & 0x0000ffff;
                                                                                                                                                                                                    				if ((r8b & 0x00000004) == 0) goto 0xb0aa6643;
                                                                                                                                                                                                    				goto 0xb0aa665d;
                                                                                                                                                                                                    				if ((r8d & 0x00000103) == 0) goto 0xb0aa6678;
                                                                                                                                                                                                    				if (_t161 - 0x61 - 0x19 > 0) goto 0xb0aa665a;
                                                                                                                                                                                                    				_t79 = bpl - 0x20 + 0xffffffc9;
                                                                                                                                                                                                    				if (_t79 - r12d >= 0) goto 0xb0aa6678;
                                                                                                                                                                                                    				_t123 = 0 - r9d;
                                                                                                                                                                                                    				if (_t123 < 0) goto 0xb0aa668c;
                                                                                                                                                                                                    				if (_t123 != 0) goto 0xb0aa6670;
                                                                                                                                                                                                    				if (_t79 - _t60 % r12d <= 0) goto 0xb0aa668c;
                                                                                                                                                                                                    				if (_t176 != 0) goto 0xb0aa6692;
                                                                                                                                                                                                    				if ((sil & 0x00000008) != 0) goto 0xb0aa669a;
                                                                                                                                                                                                    				_t149 =  !=  ? _t179 :  &(_t146[0]) - 1;
                                                                                                                                                                                                    				goto 0xb0aa66e5;
                                                                                                                                                                                                    				_t87 = 0 * r12d + _t79;
                                                                                                                                                                                                    				bpl =  *_t149;
                                                                                                                                                                                                    				goto 0xb0aa662b;
                                                                                                                                                                                                    				if ((sil & 0x00000004) != 0) goto 0xb0aa66c2;
                                                                                                                                                                                                    				_t129 = sil & 0x00000001;
                                                                                                                                                                                                    				if (_t129 != 0) goto 0xb0aa66e5;
                                                                                                                                                                                                    				if (_t129 == 0) goto 0xb0aa66ba;
                                                                                                                                                                                                    				if (_t87 - 0x80000000 > 0) goto 0xb0aa66c2;
                                                                                                                                                                                                    				if ((( *(_t164 + 0x90) | 0xe) & 0x00000002) != 0) goto 0xb0aa66e5;
                                                                                                                                                                                                    				if (_t87 - 0x7fffffff <= 0) goto 0xb0aa66e5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t141);
                                                                                                                                                                                                    				 *_t141 = 0x22;
                                                                                                                                                                                                    				if ((sil & 0x00000001) == 0) goto 0xb0aa66d8;
                                                                                                                                                                                                    				goto 0xb0aa66e5;
                                                                                                                                                                                                    				asm("sbb edi, edi");
                                                                                                                                                                                                    				if (_t176 == 0) goto 0xb0aa66ee;
                                                                                                                                                                                                    				 *_t176 =  &(_t149[0]);
                                                                                                                                                                                                    				if ((sil & 0x00000002) == 0) goto 0xb0aa66f6;
                                                                                                                                                                                                    				if ( *((char*)(_t164 + 0x48)) == 0) goto 0xb0aa6709;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aa672b;
                                                                                                                                                                                                    				if (_t176 == 0) goto 0xb0aa6716;
                                                                                                                                                                                                    				 *_t176 = _t179;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t164 + 0x48)) == dil) goto 0xb0aa6729;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t164 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff6b0aa65ff
                                                                                                                                                                                                    0x7ff6b0aa6605
                                                                                                                                                                                                    0x7ff6b0aa660a
                                                                                                                                                                                                    0x7ff6b0aa660f
                                                                                                                                                                                                    0x7ff6b0aa6611
                                                                                                                                                                                                    0x7ff6b0aa6622
                                                                                                                                                                                                    0x7ff6b0aa6628
                                                                                                                                                                                                    0x7ff6b0aa662f
                                                                                                                                                                                                    0x7ff6b0aa6638
                                                                                                                                                                                                    0x7ff6b0aa6641
                                                                                                                                                                                                    0x7ff6b0aa664a
                                                                                                                                                                                                    0x7ff6b0aa6655
                                                                                                                                                                                                    0x7ff6b0aa665a
                                                                                                                                                                                                    0x7ff6b0aa6660
                                                                                                                                                                                                    0x7ff6b0aa6665
                                                                                                                                                                                                    0x7ff6b0aa6668
                                                                                                                                                                                                    0x7ff6b0aa666a
                                                                                                                                                                                                    0x7ff6b0aa666e
                                                                                                                                                                                                    0x7ff6b0aa6676
                                                                                                                                                                                                    0x7ff6b0aa667f
                                                                                                                                                                                                    0x7ff6b0aa6684
                                                                                                                                                                                                    0x7ff6b0aa668a
                                                                                                                                                                                                    0x7ff6b0aa6690
                                                                                                                                                                                                    0x7ff6b0aa6692
                                                                                                                                                                                                    0x7ff6b0aa6698
                                                                                                                                                                                                    0x7ff6b0aa66a3
                                                                                                                                                                                                    0x7ff6b0aa66a5
                                                                                                                                                                                                    0x7ff6b0aa66a9
                                                                                                                                                                                                    0x7ff6b0aa66b0
                                                                                                                                                                                                    0x7ff6b0aa66b8
                                                                                                                                                                                                    0x7ff6b0aa66bc
                                                                                                                                                                                                    0x7ff6b0aa66c0
                                                                                                                                                                                                    0x7ff6b0aa66c2
                                                                                                                                                                                                    0x7ff6b0aa66c7
                                                                                                                                                                                                    0x7ff6b0aa66d1
                                                                                                                                                                                                    0x7ff6b0aa66d6
                                                                                                                                                                                                    0x7ff6b0aa66df
                                                                                                                                                                                                    0x7ff6b0aa66e8
                                                                                                                                                                                                    0x7ff6b0aa66ea
                                                                                                                                                                                                    0x7ff6b0aa66f2
                                                                                                                                                                                                    0x7ff6b0aa66fb
                                                                                                                                                                                                    0x7ff6b0aa6702
                                                                                                                                                                                                    0x7ff6b0aa670b
                                                                                                                                                                                                    0x7ff6b0aa6710
                                                                                                                                                                                                    0x7ff6b0aa6712
                                                                                                                                                                                                    0x7ff6b0aa671b
                                                                                                                                                                                                    0x7ff6b0aa6722
                                                                                                                                                                                                    0x7ff6b0aa6749

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_getptd
                                                                                                                                                                                                    • String ID: +$-$0$0
                                                                                                                                                                                                    • API String ID: 3432092939-699404926
                                                                                                                                                                                                    • Opcode ID: aad5d6a6d4a97e1526b7f6d55b50bd1c2d78e1ed061e41c5c93955d9012505b4
                                                                                                                                                                                                    • Instruction ID: af232a02e544073e89e2b444551778d2e6bcf76c0a722551be647d0e3ad49f92
                                                                                                                                                                                                    • Opcode Fuzzy Hash: aad5d6a6d4a97e1526b7f6d55b50bd1c2d78e1ed061e41c5c93955d9012505b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E471E423D1C683A8FBB94A1DC41537A2E91AB44F58F356936DB5E827C7DF2CE8408B01
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AC8B10(void* __ebx, void* __edi, void* __eflags, long long __rbx, signed int __rcx, void* __rdx, void* __r9) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				long long* _t145;
                                                                                                                                                                                                    				void* _t150;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    				void* _t158;
                                                                                                                                                                                                    				intOrPtr _t162;
                                                                                                                                                                                                    				intOrPtr _t163;
                                                                                                                                                                                                    				long long _t165;
                                                                                                                                                                                                    				void* _t183;
                                                                                                                                                                                                    				long long _t186;
                                                                                                                                                                                                    				void* _t188;
                                                                                                                                                                                                    				void* _t189;
                                                                                                                                                                                                    				long long _t190;
                                                                                                                                                                                                    				signed int _t191;
                                                                                                                                                                                                    				void* _t193;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    				intOrPtr _t203;
                                                                                                                                                                                                    				long long _t205;
                                                                                                                                                                                                    				void* _t208;
                                                                                                                                                                                                    				long long _t209;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t139 = _t193;
                                                                                                                                                                                                    				_t194 = _t193 - 0xa0;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x30)) = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t139 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t139 + 0x18)) = _t190;
                                                                                                                                                                                                    				_t191 = __rcx;
                                                                                                                                                                                                    				if (__eflags != 0) goto 0xb0ac8b4d;
                                                                                                                                                                                                    				goto 0xb0ac8e5a;
                                                                                                                                                                                                    				if (__rdx == 0) goto 0xb0ac8b72;
                                                                                                                                                                                                    				goto 0xb0ac8e5a;
                                                                                                                                                                                                    				_t145 =  *((intOrPtr*)(__rcx + 0x230)) -  *((intOrPtr*)(__rcx + 0x228));
                                                                                                                                                                                                    				_t116 = 0 % __rcx;
                                                                                                                                                                                                    				if (_t145 - 1 >= 0) goto 0xb0ac8b95;
                                                                                                                                                                                                    				goto 0xb0ac8e5a;
                                                                                                                                                                                                    				 *((char*)(_t194 + 0xd0)) = 0;
                                                                                                                                                                                                    				_t158 =  *((intOrPtr*)(__rcx + 0x230)) -  *((intOrPtr*)(__rcx + 0x228));
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t145, __rcx);
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				if (_t145 == 0) goto 0xb0ac8bc7;
                                                                                                                                                                                                    				 *_t145 = _t194 + 0x70;
                                                                                                                                                                                                    				goto 0xb0ac8bca;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x70)) = _t209;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t209, _t158, _t194 + 0x70, _t158, _t188, _t194 + 0xd0);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x90)) !=  *((intOrPtr*)(_t194 + 0x88))) goto 0xb0ac8c07;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t191 + 0x230)) !=  *((intOrPtr*)(_t191 + 0x228))) goto 0xb0ac8c1c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((intOrPtr*)(_t194 + 0x20)) = r14d;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				E00007FF67FF6B0AC77F0(_t191 + 0x20,  *((intOrPtr*)(_t191 + 0x228)), _t188,  *((intOrPtr*)(_t194 + 0x88)));
                                                                                                                                                                                                    				_t150 =  *((intOrPtr*)(_t194 + 0x90)) -  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				_t183 = _t150 - 1;
                                                                                                                                                                                                    				if (_t183 - _t150 < 0) goto 0xb0ac8c6b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t162 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				r12d =  *(_t162 + _t183) & 0x000000ff;
                                                                                                                                                                                                    				if (r12b == 0) goto 0xb0ac8d60;
                                                                                                                                                                                                    				if ((r12b & 0xffffffff) -  *((intOrPtr*)(_t191 + 0x2a4)) > 0) goto 0xb0ac8d2a;
                                                                                                                                                                                                    				if (r12b - 1 < 0) goto 0xb0ac8d2a;
                                                                                                                                                                                                    				r13d = r12b & 0xffffffff;
                                                                                                                                                                                                    				if (r12b == 0) goto 0xb0ac8d60;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t152 =  *((intOrPtr*)(_t194 + 0x90)) - _t162;
                                                                                                                                                                                                    				_t189 = _t152 - 1;
                                                                                                                                                                                                    				if (_t189 - _t152 < 0) goto 0xb0ac8cd4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t203 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				_t163 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t163 + _t189)) != r12b) goto 0xb0ac8cf4;
                                                                                                                                                                                                    				if (_t203 == _t163) goto 0xb0ac8cea;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t203 - 1;
                                                                                                                                                                                                    				if (_t209 + 1 - _t208 < 0) goto 0xb0ac8cb0;
                                                                                                                                                                                                    				goto 0xb0ac8d60;
                                                                                                                                                                                                    				if (_t163 == 0) goto 0xb0ac8d01;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t152, _t163, _t163,  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t152, _t163,  *((intOrPtr*)(_t194 + 0x70)),  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				goto 0xb0ac8e5a;
                                                                                                                                                                                                    				if (_t163 == 0) goto 0xb0ac8d37;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t152, _t163, _t163,  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t152, _t163,  *((intOrPtr*)(_t194 + 0x70)),  *((intOrPtr*)(_t191 + 0x228)), _t189,  *((intOrPtr*)(_t194 + 0x88)), __r9);
                                                                                                                                                                                                    				goto 0xb0ac8e5a;
                                                                                                                                                                                                    				_t186 =  *((intOrPtr*)(_t191 + 0x260));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t191 + 0x258)) - _t186 <= 0) goto 0xb0ac8d85;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t205 =  *((intOrPtr*)(_t194 + 0x90));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x60)) =  *((intOrPtr*)(_t191 + 0x240));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x68)) = _t186;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) - _t205 <= 0) goto 0xb0ac8db3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t165 =  *((intOrPtr*)(_t194 + 0x88));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x40)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x48)) = _t205;
                                                                                                                                                                                                    				if (_t165 -  *((intOrPtr*)(_t194 + 0x90)) <= 0) goto 0xb0ac8dd1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x50)) =  *((intOrPtr*)(_t194 + 0x70));
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x58)) = _t165;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x40]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x40], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x50], xmm1");
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x60], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t194 + 0x20)) = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A99750(_t116, _t165, _t191 + 0x240, _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t194 + 0x88)) == 0) goto 0xb0ac8e36;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *((intOrPtr*)(_t194 + 0x70)), _t165,  *((intOrPtr*)(_t194 + 0x88)), _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x88)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x90)) = _t209;
                                                                                                                                                                                                    				 *((long long*)(_t194 + 0x98)) = _t209;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8( *((intOrPtr*)(_t194 + 0x70)), _t165,  *((intOrPtr*)(_t194 + 0x70)), _t194 + 0x60, _t189, _t194 + 0x50, _t194 + 0x40);
                                                                                                                                                                                                    				return 1;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    0x7ff6b0ac8e31
                                                                                                                                                                                                    0x7ff6b0ac8e36
                                                                                                                                                                                                    0x7ff6b0ac8e3e
                                                                                                                                                                                                    0x7ff6b0ac8e46
                                                                                                                                                                                                    0x7ff6b0ac8e53
                                                                                                                                                                                                    0x7ff6b0ac8e75

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fb120ec78b6aca7237791ca1e518357a6acf2baba424791a472cd37449a4be2c
                                                                                                                                                                                                    • Instruction ID: 35aaeb25c694b39ef59e3410b5be57ca691c5ede53e1ff1e3f17edd8014a4a91
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb120ec78b6aca7237791ca1e518357a6acf2baba424791a472cd37449a4be2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1918F23609BC1A6DA709F29E8403EEE7A4FB85790F554932DB8C97B9ACF3CD4419710
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                                                                    			E00007FF67FF6B0AA50E0(void* __edi, intOrPtr __esi, void* __ebp, long long __rbx, short* __rcx, signed char* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _t57;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				signed long long _t93;
                                                                                                                                                                                                    				intOrPtr* _t97;
                                                                                                                                                                                                    				intOrPtr* _t98;
                                                                                                                                                                                                    				short* _t101;
                                                                                                                                                                                                    				long long _t102;
                                                                                                                                                                                                    				long long _t113;
                                                                                                                                                                                                    				intOrPtr* _t114;
                                                                                                                                                                                                    				void* _t119;
                                                                                                                                                                                                    				long long _t121;
                                                                                                                                                                                                    				signed char* _t122;
                                                                                                                                                                                                    				signed long long _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				void* _t134;
                                                                                                                                                                                                    				int _t136;
                                                                                                                                                                                                    				signed char* _t137;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				long long _t141;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t93 = _t126;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x10)) = _t121;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t93 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t127 = _t126 - 0x50;
                                                                                                                                                                                                    				r14d = 0;
                                                                                                                                                                                                    				_t119 = __r8;
                                                                                                                                                                                                    				_t137 = __rdx;
                                                                                                                                                                                                    				_t101 = __rcx;
                                                                                                                                                                                                    				_t113 = _t141;
                                                                                                                                                                                                    				if (__rcx == _t141) goto 0xb0aa5123;
                                                                                                                                                                                                    				_t72 = __r8 - _t141;
                                                                                                                                                                                                    				if (_t72 != 0) goto 0xb0aa511d;
                                                                                                                                                                                                    				goto 0xb0aa52c9;
                                                                                                                                                                                                    				if (_t72 <= 0) goto 0xb0aa5123;
                                                                                                                                                                                                    				 *((intOrPtr*)(__rcx)) = r14w;
                                                                                                                                                                                                    				if (__rdx != _t141) goto 0xb0aa5150;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t93);
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t141;
                                                                                                                                                                                                    				 *_t93 = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t93, __rcx, __rcx, __rdx, __r8, _t121, __r8, _t141, _t139);
                                                                                                                                                                                                    				goto 0xb0aa52c9;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4E5C(_t93 | 0xffffffff, _t127 + 0x30, __r9);
                                                                                                                                                                                                    				if (_t101 == _t141) goto 0xb0aa526c;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x30)) + 0x14)) != r14d) goto 0xb0aa51c0;
                                                                                                                                                                                                    				if (_t119 - _t141 <= 0) goto 0xb0aa5190;
                                                                                                                                                                                                    				 *_t101 =  *(_t113 + _t137) & 0x000000ff;
                                                                                                                                                                                                    				if ( *(_t113 + _t137) == r14b) goto 0xb0aa51a5;
                                                                                                                                                                                                    				_t114 = _t113 + 1;
                                                                                                                                                                                                    				_t102 = _t101 + 2;
                                                                                                                                                                                                    				if (_t114 - _t119 < 0) goto 0xb0aa5176;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0xb0aa51b8;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				goto 0xb0aa51b8;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0xb0aa51b8;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				_t97 = _t114;
                                                                                                                                                                                                    				goto 0xb0aa52c9;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = __esi;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t102;
                                                                                                                                                                                                    				MultiByteToWideChar(_t136, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t97 != _t141) goto 0xb0aa52b3;
                                                                                                                                                                                                    				if (GetLastError() == 0x7a) goto 0xb0aa5206;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t97);
                                                                                                                                                                                                    				 *_t97 = 0x2a;
                                                                                                                                                                                                    				 *_t102 = r14w;
                                                                                                                                                                                                    				goto 0xb0aa5190;
                                                                                                                                                                                                    				r13d = __esi;
                                                                                                                                                                                                    				_t122 = _t137;
                                                                                                                                                                                                    				if (__esi == r14d) goto 0xb0aa523e;
                                                                                                                                                                                                    				r13d = r13d - 1;
                                                                                                                                                                                                    				if ( *_t122 == r14b) goto 0xb0aa523e;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AAF9CC( *_t122 & 0x000000ff,  *_t122 - r14b, _t97, _t134) == r14d) goto 0xb0aa5236;
                                                                                                                                                                                                    				if (_t122[1] == r14b) goto 0xb0aa51f5;
                                                                                                                                                                                                    				goto 0xb0aa520f;
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t127 + 0x30));
                                                                                                                                                                                                    				r9d = __ebp - r12d;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = __esi;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t102;
                                                                                                                                                                                                    				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t98 != _t141) goto 0xb0aa52b6;
                                                                                                                                                                                                    				goto 0xb0aa51f5;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t98 + 0x14)) != r14d) goto 0xb0aa527c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t98, _t137);
                                                                                                                                                                                                    				goto 0xb0aa52b6;
                                                                                                                                                                                                    				r9d = __edi;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t127 + 0x28)) = r14d;
                                                                                                                                                                                                    				 *((long long*)(_t127 + 0x20)) = _t141;
                                                                                                                                                                                                    				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t98 != _t141) goto 0xb0aa52b3;
                                                                                                                                                                                                    				_t57 = E00007FF67FF6B0AA78AC(_t98);
                                                                                                                                                                                                    				 *_t98 = 0x2a;
                                                                                                                                                                                                    				goto 0xb0aa5190;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 + 0x48)) == r14b) goto 0xb0aa52c9;
                                                                                                                                                                                                    				 *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) =  *( *((intOrPtr*)(_t127 + 0x40)) + 0xc8) & 0xfffffffd;
                                                                                                                                                                                                    				return _t57;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2918714741-0
                                                                                                                                                                                                    • Opcode ID: 7d651b8da09034c2c0d35e20cf68fc683c853b3f3c94acc4a5abf00da545e554
                                                                                                                                                                                                    • Instruction ID: 42a684d7c2c1fa671964fa873621221be95f67c2920754d0f64f22a2493dd409
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d651b8da09034c2c0d35e20cf68fc683c853b3f3c94acc4a5abf00da545e554
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8451B423A08682A5E7609B28A54067D7FA0FB45BA4F244B31DB6D937D6CE3CE4418B08
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AB228C(signed int __ebx, signed int __ecx, void* __edi, intOrPtr* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rbp, void* __r8, signed int _a8, long long _a24) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				void* _t48;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                    				intOrPtr* _t58;
                                                                                                                                                                                                    				signed long long _t61;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t73 = __r8;
                                                                                                                                                                                                    				_t69 = __rbp;
                                                                                                                                                                                                    				_t65 = __rdx;
                                                                                                                                                                                                    				_t48 = __edi;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_a8 = __ecx;
                                                                                                                                                                                                    				_t66 = __ecx;
                                                                                                                                                                                                    				if (__edi != 0xfffffffe) goto 0xb0ab22b8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab2391;
                                                                                                                                                                                                    				if (__ecx < 0) goto 0xb0ab236e;
                                                                                                                                                                                                    				_t51 = _t48 -  *0xb0ae89c0; // 0x20
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0xb0ab236e;
                                                                                                                                                                                                    				_t68 = __ecx >> 5;
                                                                                                                                                                                                    				_t34 = __ebx & 0x0000001f;
                                                                                                                                                                                                    				_t61 = __ecx * 0x58;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(0xb0ae89e0 + _t68 * 8));
                                                                                                                                                                                                    				if (_t51 != 0) goto 0xb0ab2317;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t57);
                                                                                                                                                                                                    				 *_t57 = 9;
                                                                                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t57, _t61, __rcx, __rdx, _t68, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0ab2391;
                                                                                                                                                                                                    				E00007FF67FF6B0AB593C(_t34, __edi, _t61, _t66, _t68, 0xb0ae89e0);
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(0xb0ae89e0 + _t68 * 8));
                                                                                                                                                                                                    				if (( *(_t58 + _t61 + 8) & 0x00000001) == 0) goto 0xb0ab2355;
                                                                                                                                                                                                    				E00007FF67FF6B0AB58B8(_t48, 0, _t58, _t61, _t68, _t69, _t73);
                                                                                                                                                                                                    				if (FlushFileBuffers(??) != 0) goto 0xb0ab2348;
                                                                                                                                                                                                    				GetLastError();
                                                                                                                                                                                                    				goto 0xb0ab234a;
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0ab2363;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t58);
                                                                                                                                                                                                    				 *_t58 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				E00007FF67FF6B0AB59E4();
                                                                                                                                                                                                    				goto 0xb0ab2391;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t58);
                                                                                                                                                                                                    				 *_t58 = 9;
                                                                                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t58, _t61, _t58, _t65, _t68, _t69, _t73) | 0xffffffff;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2918714741-0
                                                                                                                                                                                                    • Opcode ID: 940a07213795119bc703be0b840b2cf50cf32eea5432c9220b670cdf8d9e1718
                                                                                                                                                                                                    • Instruction ID: 3e4bda1cbd4ea02fee375ac7debf660110b3d98c7699ab9b813b5a711d62299b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 940a07213795119bc703be0b840b2cf50cf32eea5432c9220b670cdf8d9e1718
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1531C523E18646A2F7215F7D985577E3E91AF84760F154A35EB2D8A3D3CF3CA4428704
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00007FF67FF6B0AA964D(void* __rax, intOrPtr _a32, intOrPtr _a56, intOrPtr _a64, intOrPtr _a72, intOrPtr _a80, intOrPtr* _a96, intOrPtr _a208, intOrPtr* _a216, long long _a224, long long _a232) {
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				intOrPtr* _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t53 = __rax;
                                                                                                                                                                                                    				_a32 = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t37, _t44, __rax);
                                                                                                                                                                                                    				 *(_t53 + 0x2c0) =  *(_t53 + 0x2c0) & 0x00000000;
                                                                                                                                                                                                    				if (_a208 == 0) goto 0xb0aa9699;
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _a216);
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_a64 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				goto 0xb0aa96b4;
                                                                                                                                                                                                    				_t68 = _a216;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t68 + 0x18));
                                                                                                                                                                                                    				RaiseException(??, ??, ??, ??);
                                                                                                                                                                                                    				r14d = _a32;
                                                                                                                                                                                                    				E00007FF67FF6B0AA771C(_t53, _a72, _a80);
                                                                                                                                                                                                    				if (r14d != 0) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *_t68 != 0xe06d7363) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x18)) != 4) goto 0xb0aa971d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) == 0x19930520) goto 0xb0aa9706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) == 0x19930521) goto 0xb0aa9706;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t68 + 0x20)) != 0x19930522) goto 0xb0aa971d;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA76E8(_t53,  *((intOrPtr*)(_t68 + 0x28))) == 0) goto 0xb0aa971d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _t68);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C( *_t68, E00007FF67FF6B0AA76E8(_t53,  *((intOrPtr*)(_t68 + 0x28))), _t53);
                                                                                                                                                                                                    				 *((long long*)(_t53 + 0xf0)) = _a224;
                                                                                                                                                                                                    				_t36 = E00007FF67FF6B0AAB93C( *_t68, E00007FF67FF6B0AA76E8(_t53,  *((intOrPtr*)(_t68 + 0x28))), _t53);
                                                                                                                                                                                                    				 *((long long*)(_t53 + 0xf8)) = _a232;
                                                                                                                                                                                                    				 *((long long*)( *((intOrPtr*)(_a56 + 0x1c)) +  *_a96)) = 0xfffffffe;
                                                                                                                                                                                                    				return _t36;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$ExceptionRaise
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 2255768072-1018135373
                                                                                                                                                                                                    • Opcode ID: b9f1586c76201837a7cedb49760973dd62f8e83127a431f82f18a74b45bd6239
                                                                                                                                                                                                    • Instruction ID: 7406f297443f69d2ceac2aea9628f03f068c18f32fe33539e787b047bf83ce53
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9f1586c76201837a7cedb49760973dd62f8e83127a431f82f18a74b45bd6239
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7311B3760864296EA709F1AE08466E77A0FB44B51F204636DB9E43BD6DF3DE8458B10
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                                                    			E00007FF67FF6B0AAFE78(void* __ecx, void* __edx, void* __ebp, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* __r13;
                                                                                                                                                                                                    				long long _t39;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				signed long long _t52;
                                                                                                                                                                                                    				void* _t62;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t54 = __rsi;
                                                                                                                                                                                                    				_t44 = __rcx;
                                                                                                                                                                                                    				_t39 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rsi;
                                                                                                                                                                                                    				_a24 = __rdi;
                                                                                                                                                                                                    				_t41 = __ecx;
                                                                                                                                                                                                    				if ( *0xb0ae3b90 != 0) goto 0xb0aafeb6;
                                                                                                                                                                                                    				E00007FF67FF6B0AABF50();
                                                                                                                                                                                                    				_t4 = _t54 + 0x1d; // 0x1e
                                                                                                                                                                                                    				E00007FF67FF6B0AABD28(_t4, _t41, __rdi, __rsi, __rbp, __r9, _t62);
                                                                                                                                                                                                    				E00007FF67FF6B0AA55B4();
                                                                                                                                                                                                    				_t52 = _t41 + _t41;
                                                                                                                                                                                                    				if ( *((long long*)(0xb0ae10f0 + _t52 * 8)) == 0) goto 0xb0aafecf;
                                                                                                                                                                                                    				goto 0xb0aaff4a;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t39, _t41, _t44, __rsi, __rbp);
                                                                                                                                                                                                    				if (_t39 != 0) goto 0xb0aafef0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t39);
                                                                                                                                                                                                    				 *_t39 = 0xc;
                                                                                                                                                                                                    				goto 0xb0aaff4a;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				if ( *((long long*)(0xb0ae10f0 + _t52 * 8)) != 0) goto 0xb0aaff32;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB0438() != 0) goto 0xb0aaff2b;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t39);
                                                                                                                                                                                                    				 *_t39 = 0xc;
                                                                                                                                                                                                    				goto 0xb0aaff3b;
                                                                                                                                                                                                    				 *((long long*)(0xb0ae10f0 + _t52 * 8)) = _t39;
                                                                                                                                                                                                    				goto 0xb0aaff3b;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				LeaveCriticalSection(??);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$CriticalExitFileLeaveModuleNameProcessSectionSleep_lockfreemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1024173049-0
                                                                                                                                                                                                    • Opcode ID: ac058671c3edeb939d153bb6fb2abfec8c3f6b002bac18dcab764f1b054be2dd
                                                                                                                                                                                                    • Instruction ID: 3186ffb8d7212f6246dc540a7ad9bd78023a193335618a79f8ee9024eb2b11b6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac058671c3edeb939d153bb6fb2abfec8c3f6b002bac18dcab764f1b054be2dd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E218E23E29643A5F668AB58E80437E6A55EF85780F244934EB4EC77D3CF3CE8418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF67FF6B0A9CEF0(void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t71;
                                                                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                                                                    				intOrPtr _t110;
                                                                                                                                                                                                    				intOrPtr _t111;
                                                                                                                                                                                                    				signed long long _t113;
                                                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                                                    				intOrPtr* _t120;
                                                                                                                                                                                                    				intOrPtr _t122;
                                                                                                                                                                                                    				intOrPtr _t123;
                                                                                                                                                                                                    				long long _t126;
                                                                                                                                                                                                    				long long* _t129;
                                                                                                                                                                                                    				long long* _t130;
                                                                                                                                                                                                    				signed long long _t144;
                                                                                                                                                                                                    				signed long long _t148;
                                                                                                                                                                                                    				signed long long _t150;
                                                                                                                                                                                                    				intOrPtr* _t153;
                                                                                                                                                                                                    				void* _t156;
                                                                                                                                                                                                    				intOrPtr* _t159;
                                                                                                                                                                                                    				void* _t161;
                                                                                                                                                                                                    				void* _t162;
                                                                                                                                                                                                    				void* _t164;
                                                                                                                                                                                                    				signed long long _t166;
                                                                                                                                                                                                    				void* _t168;
                                                                                                                                                                                                    				intOrPtr* _t169;
                                                                                                                                                                                                    				void* _t171;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t159 = __r8;
                                                                                                                                                                                                    				_t155 = __rbp;
                                                                                                                                                                                                    				_t162 = _t156;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t162 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t169 = __r8;
                                                                                                                                                                                                    				_t153 = __rdx;
                                                                                                                                                                                                    				_t126 = __rcx;
                                                                                                                                                                                                    				_t129 = _t162 - 0x38;
                                                                                                                                                                                                    				 *_t129 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t130 = _t162 - 0x50;
                                                                                                                                                                                                    				 *_t130 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t130 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t105 =  *((intOrPtr*)(_t162 - 0x50));
                                                                                                                                                                                                    				if (_t105 == 0xfffffffc) goto 0xb0a9cf5c;
                                                                                                                                                                                                    				if (_t105 == 0) goto 0xb0a9cf57;
                                                                                                                                                                                                    				if (_t105 ==  *((intOrPtr*)(_t162 - 0x38))) goto 0xb0a9cf5c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t144 = _v72 - _v48 >> 1;
                                                                                                                                                                                                    				_t148 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t148 - _t144 > 0) goto 0xb0a9cfa6;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t144) goto 0xb0a9cfa6;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF67FF6B0A924C0(__rcx, __rcx, _t144, __rdx, __rbp, _t164, _t171, _t168) == 0) goto 0xb0a9cfa6;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t148;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0xb0a9cf98;
                                                                                                                                                                                                    				goto 0xb0a9cf9c;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t126 + 8 + _t148 * 2)) = r13w;
                                                                                                                                                                                                    				goto 0xb0a9cfa9;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				_t108 =  *_t153;
                                                                                                                                                                                                    				if (_t108 == 0xfffffffc) goto 0xb0a9cfcb;
                                                                                                                                                                                                    				if (_t108 == 0) goto 0xb0a9cfc6;
                                                                                                                                                                                                    				if (_t108 ==  *_t169) goto 0xb0a9cfcb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) ==  *((intOrPtr*)(_t169 + 8))) goto 0xb0a9d0f4;
                                                                                                                                                                                                    				_t110 =  *_t153;
                                                                                                                                                                                                    				if (_t110 == 0xfffffffc) goto 0xb0a9d013;
                                                                                                                                                                                                    				if (_t110 != 0) goto 0xb0a9cfec;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t111 =  *_t153;
                                                                                                                                                                                                    				if ( *((long long*)(_t111 + 0x20)) - 8 < 0) goto 0xb0a9cffc;
                                                                                                                                                                                                    				goto 0xb0a9d000;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) - _t111 + 8 +  *(_t111 + 0x18) * 2 < 0) goto 0xb0a9d013;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t113 =  *((intOrPtr*)(_t153 + 8));
                                                                                                                                                                                                    				r12d =  *_t113 & 0x0000ffff;
                                                                                                                                                                                                    				if ((_t113 | 0xffffffff) -  *(_t126 + 0x18) - 1 > 0) goto 0xb0a9d02e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC((_t113 | 0xffffffff) -  *(_t126 + 0x18), _t126, _t148, _t155, _t159, _t161);
                                                                                                                                                                                                    				_t150 =  *(_t126 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t150 - 0xfffffffe <= 0) goto 0xb0a9d03f;
                                                                                                                                                                                                    				_t68 = E00007FF67FF6B0AA33CC((_t113 | 0xffffffff) -  *(_t126 + 0x18), _t126, _t150, _t155, _t159, _t161);
                                                                                                                                                                                                    				_t116 =  *((intOrPtr*)(_t126 + 0x20));
                                                                                                                                                                                                    				if (_t116 - _t150 >= 0) goto 0xb0a9d059;
                                                                                                                                                                                                    				E00007FF67FF6B0A926D0(_t68, _t126, _t150,  *(_t126 + 0x18), _t166, _t164);
                                                                                                                                                                                                    				goto 0xb0a9d078;
                                                                                                                                                                                                    				if (_t150 != 0) goto 0xb0a9d078;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t166;
                                                                                                                                                                                                    				if (_t116 - 8 < 0) goto 0xb0a9d06e;
                                                                                                                                                                                                    				goto 0xb0a9d072;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t126 + 8)) = r13w;
                                                                                                                                                                                                    				goto 0xb0a9d0b0;
                                                                                                                                                                                                    				if (_t150 == 0) goto 0xb0a9d0b0;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0xb0a9d091;
                                                                                                                                                                                                    				goto 0xb0a9d098;
                                                                                                                                                                                                    				_t120 = _t126 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t120 +  *(_t126 + 0x18) * 2)) = r12w;
                                                                                                                                                                                                    				 *(_t126 + 0x18) = _t150;
                                                                                                                                                                                                    				if ( *((long long*)(_t126 + 0x20)) - 8 < 0) goto 0xb0a9d0ab;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t120 + _t150 * 2)) = r13w;
                                                                                                                                                                                                    				_t122 =  *_t153;
                                                                                                                                                                                                    				if (_t122 == 0xfffffffc) goto 0xb0a9d0ea;
                                                                                                                                                                                                    				if (_t122 != 0) goto 0xb0a9d0c3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t123 =  *_t153;
                                                                                                                                                                                                    				if ( *((long long*)(_t123 + 0x20)) - 8 < 0) goto 0xb0a9d0d3;
                                                                                                                                                                                                    				goto 0xb0a9d0d7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t153 + 8)) - _t123 + 8 +  *(_t123 + 0x18) * 2 < 0) goto 0xb0a9d0ea;
                                                                                                                                                                                                    				_t71 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t153 + 8)) =  *((long long*)(_t153 + 8)) + 2;
                                                                                                                                                                                                    				goto 0xb0a9cfb3;
                                                                                                                                                                                                    				return _t71;
                                                                                                                                                                                                    			}




































                                                                                                                                                                                                    0x7ff6b0a9cfe7
                                                                                                                                                                                                    0x7ff6b0a9cfec
                                                                                                                                                                                                    0x7ff6b0a9cff4
                                                                                                                                                                                                    0x7ff6b0a9cffa
                                                                                                                                                                                                    0x7ff6b0a9d00c
                                                                                                                                                                                                    0x7ff6b0a9d00e
                                                                                                                                                                                                    0x7ff6b0a9d013
                                                                                                                                                                                                    0x7ff6b0a9d017
                                                                                                                                                                                                    0x7ff6b0a9d027
                                                                                                                                                                                                    0x7ff6b0a9d029
                                                                                                                                                                                                    0x7ff6b0a9d032
                                                                                                                                                                                                    0x7ff6b0a9d038
                                                                                                                                                                                                    0x7ff6b0a9d03a
                                                                                                                                                                                                    0x7ff6b0a9d03f
                                                                                                                                                                                                    0x7ff6b0a9d046
                                                                                                                                                                                                    0x7ff6b0a9d052
                                                                                                                                                                                                    0x7ff6b0a9d057
                                                                                                                                                                                                    0x7ff6b0a9d05c
                                                                                                                                                                                                    0x7ff6b0a9d05e
                                                                                                                                                                                                    0x7ff6b0a9d066
                                                                                                                                                                                                    0x7ff6b0a9d06c
                                                                                                                                                                                                    0x7ff6b0a9d072
                                                                                                                                                                                                    0x7ff6b0a9d076
                                                                                                                                                                                                    0x7ff6b0a9d07b
                                                                                                                                                                                                    0x7ff6b0a9d086
                                                                                                                                                                                                    0x7ff6b0a9d08f
                                                                                                                                                                                                    0x7ff6b0a9d091
                                                                                                                                                                                                    0x7ff6b0a9d098
                                                                                                                                                                                                    0x7ff6b0a9d09d
                                                                                                                                                                                                    0x7ff6b0a9d0a6
                                                                                                                                                                                                    0x7ff6b0a9d0ab
                                                                                                                                                                                                    0x7ff6b0a9d0b0
                                                                                                                                                                                                    0x7ff6b0a9d0b7
                                                                                                                                                                                                    0x7ff6b0a9d0bc
                                                                                                                                                                                                    0x7ff6b0a9d0be
                                                                                                                                                                                                    0x7ff6b0a9d0c3
                                                                                                                                                                                                    0x7ff6b0a9d0cb
                                                                                                                                                                                                    0x7ff6b0a9d0d1
                                                                                                                                                                                                    0x7ff6b0a9d0e3
                                                                                                                                                                                                    0x7ff6b0a9d0e5
                                                                                                                                                                                                    0x7ff6b0a9d0ea
                                                                                                                                                                                                    0x7ff6b0a9d0ef
                                                                                                                                                                                                    0x7ff6b0a9d10d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 7f6f2e91ed5572e42ace02233fa957f2e227a56f2aac9c965945f59fe9a565ff
                                                                                                                                                                                                    • Instruction ID: 88d1118adb55aae696a1192c1167e0dc6a8c60f574aaea256e79ae6ce13ad6c6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f6f2e91ed5572e42ace02233fa957f2e227a56f2aac9c965945f59fe9a565ff
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6615B33708F41A1EA148F19D54402C6BA5FB44BA4B554B32DB6E873E7DF3AE896C350
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                                                                    			E00007FF67FF6B0A93030(void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t91;
                                                                                                                                                                                                    				intOrPtr _t94;
                                                                                                                                                                                                    				signed long long _t101;
                                                                                                                                                                                                    				intOrPtr _t104;
                                                                                                                                                                                                    				intOrPtr* _t108;
                                                                                                                                                                                                    				long long _t116;
                                                                                                                                                                                                    				long long* _t119;
                                                                                                                                                                                                    				long long* _t120;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				intOrPtr* _t131;
                                                                                                                                                                                                    				signed long long _t134;
                                                                                                                                                                                                    				signed long long _t136;
                                                                                                                                                                                                    				void* _t139;
                                                                                                                                                                                                    				intOrPtr* _t142;
                                                                                                                                                                                                    				void* _t144;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				signed long long _t147;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				void* _t151;
                                                                                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                                                                                    				void* _t154;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r8;
                                                                                                                                                                                                    				_t138 = __rbp;
                                                                                                                                                                                                    				_t145 = _t139;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t145 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t152 = __r8;
                                                                                                                                                                                                    				_t131 = __rdx;
                                                                                                                                                                                                    				_t116 = __rcx;
                                                                                                                                                                                                    				_t119 = _t145 - 0x48;
                                                                                                                                                                                                    				 *_t119 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t119 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t120 = _t145 - 0x38;
                                                                                                                                                                                                    				 *_t120 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t120 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t91 =  *((intOrPtr*)(_t145 - 0x48));
                                                                                                                                                                                                    				if (_t91 == 0) goto 0xb0a93091;
                                                                                                                                                                                                    				if (_t91 ==  *((intOrPtr*)(_t145 - 0x38))) goto 0xb0a93096;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t127 = _v64 - _v48;
                                                                                                                                                                                                    				_t134 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t134 - _t127 > 0) goto 0xb0a930dd;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t127) goto 0xb0a930dd;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF67FF6B0A924C0(__rcx, __rcx, _t127, _t134, __rbp, _t147, _t154, _t151) == 0) goto 0xb0a930dd;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t134;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0xb0a930cf;
                                                                                                                                                                                                    				goto 0xb0a930d3;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t116 + 8 + _t134 * 2)) = r12w;
                                                                                                                                                                                                    				goto 0xb0a930e0;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t94 =  *_t131;
                                                                                                                                                                                                    				if (_t94 == 0) goto 0xb0a930fd;
                                                                                                                                                                                                    				if (_t94 ==  *_t152) goto 0xb0a93102;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) ==  *((intOrPtr*)(_t152 + 8))) goto 0xb0a9320e;
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0xb0a9312a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0xb0a9312a;
                                                                                                                                                                                                    				goto 0xb0a9312d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) -  *((intOrPtr*)( *_t147 + 0x20)) < 0) goto 0xb0a9313c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t101 =  *((intOrPtr*)(_t131 + 8));
                                                                                                                                                                                                    				r13d =  *_t101 & 0x000000ff;
                                                                                                                                                                                                    				if ((_t101 | 0xffffffff) -  *(_t116 + 0x18) - 1 > 0) goto 0xb0a93157;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC((_t101 | 0xffffffff) -  *(_t116 + 0x18), _t116, _t131, _t138, _t142, _t144);
                                                                                                                                                                                                    				_t136 =  *(_t116 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t136 - 0xfffffffe <= 0) goto 0xb0a93168;
                                                                                                                                                                                                    				_t58 = E00007FF67FF6B0AA33CC((_t101 | 0xffffffff) -  *(_t116 + 0x18), _t116, _t131, _t138, _t142, _t144);
                                                                                                                                                                                                    				_t104 =  *((intOrPtr*)(_t116 + 0x20));
                                                                                                                                                                                                    				if (_t104 - _t136 >= 0) goto 0xb0a93182;
                                                                                                                                                                                                    				E00007FF67FF6B0A926D0(_t58, _t116, _t136,  *(_t116 + 0x18), _t149, _t147);
                                                                                                                                                                                                    				goto 0xb0a931a1;
                                                                                                                                                                                                    				if (_t136 != 0) goto 0xb0a931a1;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t147;
                                                                                                                                                                                                    				if (_t104 - 8 < 0) goto 0xb0a93197;
                                                                                                                                                                                                    				goto 0xb0a9319b;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t116 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0xb0a931d9;
                                                                                                                                                                                                    				if (_t136 == 0) goto 0xb0a931d9;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0xb0a931ba;
                                                                                                                                                                                                    				goto 0xb0a931c1;
                                                                                                                                                                                                    				_t108 = _t116 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t108 +  *(_t116 + 0x18) * 2)) = r13w;
                                                                                                                                                                                                    				 *(_t116 + 0x18) = _t136;
                                                                                                                                                                                                    				if ( *((long long*)(_t116 + 0x20)) - 8 < 0) goto 0xb0a931d4;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t108 + _t136 * 2)) = r12w;
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0xb0a931f3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *_t131 != 0) goto 0xb0a931f3;
                                                                                                                                                                                                    				goto 0xb0a931f6;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t131 + 8)) -  *((intOrPtr*)( *_t147 + 0x20)) < 0) goto 0xb0a93205;
                                                                                                                                                                                                    				_t61 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t131 + 8)) =  *((long long*)(_t131 + 8)) + 1;
                                                                                                                                                                                                    				goto 0xb0a930f0;
                                                                                                                                                                                                    				return _t61;
                                                                                                                                                                                                    			}

































                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 06a8641fa43e2610765a8969c89ceab00d32e648021870bd44166826c331591f
                                                                                                                                                                                                    • Instruction ID: ffce5fc3154d20936bcc9642dd506c0c77dc2b872c37a63f946b8efe466b73cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06a8641fa43e2610765a8969c89ceab00d32e648021870bd44166826c331591f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E515C23709B41A1EF14AF19D44002C6BB4FB88FA4B648A35DF6D877A6DF39E891C350
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                                                                    			E00007FF67FF6B0AAF7AC(void* __ecx, void* __edx, void* __ebp, void* __esp, void* __eflags, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __rbp, void* __r8, void* __r10, void* __r11, long long __r12, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				void* _t46;
                                                                                                                                                                                                    				signed int _t49;
                                                                                                                                                                                                    				char _t55;
                                                                                                                                                                                                    				void* _t64;
                                                                                                                                                                                                    				void* _t69;
                                                                                                                                                                                                    				signed int _t78;
                                                                                                                                                                                                    				long long _t89;
                                                                                                                                                                                                    				intOrPtr* _t90;
                                                                                                                                                                                                    				long long _t93;
                                                                                                                                                                                                    				void* _t95;
                                                                                                                                                                                                    				long long _t102;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    				long long _t112;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				void* _t124;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t118 = __r11;
                                                                                                                                                                                                    				_t95 = __rcx;
                                                                                                                                                                                                    				_t64 = __edx;
                                                                                                                                                                                                    				_t58 = __ecx;
                                                                                                                                                                                                    				_t89 = _t112;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x10)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x18)) = __rdi;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x20)) = __r12;
                                                                                                                                                                                                    				_t69 = __ecx;
                                                                                                                                                                                                    				r13d = r13d | 0xffffffff;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(__ecx, __eflags, _t89);
                                                                                                                                                                                                    				_t109 = _t89;
                                                                                                                                                                                                    				E00007FF67FF6B0AAF3E8(_t58, __eflags, _t89, __rbx, _t124);
                                                                                                                                                                                                    				_t46 = E00007FF67FF6B0AAF4A4(_t69, __eflags, _t89);
                                                                                                                                                                                                    				r12d = _t46;
                                                                                                                                                                                                    				if (_t46 ==  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0xb8)) + 4))) goto 0xb0aaf981;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t89,  *((intOrPtr*)(_t109 + 0xb8)), _t95, _t109, __rbp);
                                                                                                                                                                                                    				_t93 = _t89;
                                                                                                                                                                                                    				if (_t89 == __rdi) goto 0xb0aaf986;
                                                                                                                                                                                                    				r8d = 0x220;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0x220, _t89 - __rdi, _t89,  *((intOrPtr*)(_t109 + 0xb8)), __r8);
                                                                                                                                                                                                    				 *_t93 = 0;
                                                                                                                                                                                                    				_t49 = E00007FF67FF6B0AAF534(r12d, _t64, __esp, _t89 - __rdi, _t93, _t93, __r8, __r10, _t118);
                                                                                                                                                                                                    				r13d = _t49;
                                                                                                                                                                                                    				_t78 = _t49;
                                                                                                                                                                                                    				if (_t78 != 0) goto 0xb0aaf95b;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t78 != 0) goto 0xb0aaf85e;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0xb8)) == 0xb0ae0bb0) goto 0xb0aaf865;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0xb0aaf865;
                                                                                                                                                                                                    				 *((long long*)(_t109 + 0xb8)) = _t93;
                                                                                                                                                                                                    				asm("lock add dword [ebx], 0x1");
                                                                                                                                                                                                    				if (( *(_t109 + 0xc8) & 0x00000002) != 0) goto 0xb0aaf986;
                                                                                                                                                                                                    				if (( *0xb0ae0a10 & 0x00000001) != 0) goto 0xb0aaf986;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				 *0xb0ae3bd4 =  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                                    				 *0xb0ae3bd8 =  *((intOrPtr*)(_t93 + 8));
                                                                                                                                                                                                    				 *0xb0ae3bdc =  *((intOrPtr*)(_t93 + 0xc));
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 5 >= 0) goto 0xb0aaf8db;
                                                                                                                                                                                                    				 *0x7FF6B0AE3BC8 =  *(_t93 + 0x10) & 0x0000ffff;
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0xb0aaf8bd;
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 0x101 >= 0) goto 0xb0aaf900;
                                                                                                                                                                                                    				 *0x7FF6B0AE0DD0 =  *((intOrPtr*)(0 + _t93 + 0x1c));
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0xb0aaf8e1;
                                                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                                                    				if (0 - 0x100 >= 0) goto 0xb0aaf926;
                                                                                                                                                                                                    				_t55 =  *((intOrPtr*)(0 + _t93 + 0x11d));
                                                                                                                                                                                                    				 *0x7FF6B0AE0EE0 = _t55;
                                                                                                                                                                                                    				_v24 = 1;
                                                                                                                                                                                                    				goto 0xb0aaf904;
                                                                                                                                                                                                    				_t90 =  *0xb0ae0fe0; // 0x24b6d30
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				if (0 != 0x100) goto 0xb0aaf944;
                                                                                                                                                                                                    				_t102 =  *0xb0ae0fe0; // 0x24b6d30
                                                                                                                                                                                                    				if (_t102 == 0xb0ae0bb0) goto 0xb0aaf944;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *0xb0ae0fe0 = _t93;
                                                                                                                                                                                                    				asm("lock add dword [ebx], 0x1");
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				goto 0xb0aaf986;
                                                                                                                                                                                                    				if (_t55 != 0xffffffff) goto 0xb0aaf986;
                                                                                                                                                                                                    				if (_t93 == 0xb0ae0bb0) goto 0xb0aaf974;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t90);
                                                                                                                                                                                                    				 *_t90 = 0x16;
                                                                                                                                                                                                    				goto 0xb0aaf986;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				return r13d;
                                                                                                                                                                                                    			}



















                                                                                                                                                                                                    0x7ff6b0aaf93d
                                                                                                                                                                                                    0x7ff6b0aaf93f
                                                                                                                                                                                                    0x7ff6b0aaf944
                                                                                                                                                                                                    0x7ff6b0aaf94b
                                                                                                                                                                                                    0x7ff6b0aaf954
                                                                                                                                                                                                    0x7ff6b0aaf959
                                                                                                                                                                                                    0x7ff6b0aaf95e
                                                                                                                                                                                                    0x7ff6b0aaf96a
                                                                                                                                                                                                    0x7ff6b0aaf96f
                                                                                                                                                                                                    0x7ff6b0aaf974
                                                                                                                                                                                                    0x7ff6b0aaf979
                                                                                                                                                                                                    0x7ff6b0aaf97f
                                                                                                                                                                                                    0x7ff6b0aaf983
                                                                                                                                                                                                    0x7ff6b0aaf9a3

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2878544890-0
                                                                                                                                                                                                    • Opcode ID: dbefac1bd4e860cba46ec646c9f1af48dc9b2591202d1de2f3d620e5c24df54c
                                                                                                                                                                                                    • Instruction ID: 66c25c260e477f4035974e3717bee188512afab1cd184d2a5b6ab614f0542953
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbefac1bd4e860cba46ec646c9f1af48dc9b2591202d1de2f3d620e5c24df54c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4516223D08682A6E7689BA9944027ABB91FB84754F344935DB9E873D7CF3CE4418700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0AC9FC0(void* __edx, long long __rbx, void* __rcx, long long __rsi) {
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t42;
                                                                                                                                                                                                    				intOrPtr _t60;
                                                                                                                                                                                                    				intOrPtr* _t61;
                                                                                                                                                                                                    				long long _t63;
                                                                                                                                                                                                    				long long _t72;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				intOrPtr* _t77;
                                                                                                                                                                                                    				long long* _t78;
                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                    				long long _t87;
                                                                                                                                                                                                    				void* _t90;
                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t90 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x10)) = _t87;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t91 = _t90 - 0x50;
                                                                                                                                                                                                    				_t42 = __edx;
                                                                                                                                                                                                    				_t60 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x60)) + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t60 + 0x29)) != 0) goto 0xb0ac9ffe;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t60 + 0x18)) - __edx >= 0) goto 0xb0ac9ff2;
                                                                                                                                                                                                    				_t61 =  *((intOrPtr*)(_t60 + 0x10));
                                                                                                                                                                                                    				goto 0xb0ac9ff8;
                                                                                                                                                                                                    				_t72 = _t61;
                                                                                                                                                                                                    				if ( *((char*)( *_t61 + 0x29)) == 0) goto 0xb0ac9fe7;
                                                                                                                                                                                                    				_t63 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x28)) = _t72;
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x20)) = _t63;
                                                                                                                                                                                                    				if (_t63 == 0) goto 0xb0aca01a;
                                                                                                                                                                                                    				if (_t63 == _t63) goto 0xb0aca01f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t72 ==  *((intOrPtr*)(__rcx + 0x60))) goto 0xb0aca030;
                                                                                                                                                                                                    				if (_t42 -  *((intOrPtr*)(_t72 + 0x18)) < 0) goto 0xb0aca030;
                                                                                                                                                                                                    				goto 0xb0aca047;
                                                                                                                                                                                                    				_t77 = _t91 + 0x30;
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x38)) =  *((intOrPtr*)(__rcx + 0x60));
                                                                                                                                                                                                    				 *((long long*)(_t91 + 0x30)) =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                                                                                                    				_t78 = _t91 + 0x40;
                                                                                                                                                                                                    				 *_t78 =  *_t77;
                                                                                                                                                                                                    				 *((long long*)(_t78 + 8)) =  *((intOrPtr*)(_t77 + 8));
                                                                                                                                                                                                    				_t80 =  *((intOrPtr*)(_t91 + 0x40));
                                                                                                                                                                                                    				if (_t80 == 0) goto 0xb0aca06e;
                                                                                                                                                                                                    				if (_t80 ==  *((intOrPtr*)(__rcx + 0x30))) goto 0xb0aca073;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(_t91 + 0x48));
                                                                                                                                                                                                    				if (_t73 ==  *((intOrPtr*)(__rcx + 0x60))) goto 0xb0aca0c3;
                                                                                                                                                                                                    				if (_t80 != 0) goto 0xb0aca08e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0aca091;
                                                                                                                                                                                                    				if (_t73 !=  *((intOrPtr*)( *_t80 + 0x30))) goto 0xb0aca09c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((long long*)(_t73 + 0x20)) == 0xffffffff) goto 0xb0aca0c3;
                                                                                                                                                                                                    				if (_t80 != 0) goto 0xb0aca0af;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0aca0b2;
                                                                                                                                                                                                    				if (_t73 !=  *((intOrPtr*)( *_t80 + 0x30))) goto 0xb0aca0bd;
                                                                                                                                                                                                    				_t40 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0aca0c7;
                                                                                                                                                                                                    				return _t40;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    0x7ff6b0aca0c1
                                                                                                                                                                                                    0x7ff6b0aca0db

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: b1dad616f5987b4a8820b29c662f81acca57bbf043e1374bbabc96fa387b78c7
                                                                                                                                                                                                    • Instruction ID: d14b47bc72cc28a00f63a69a8ceee012b024047c6788980845164c29c5d135b2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1dad616f5987b4a8820b29c662f81acca57bbf043e1374bbabc96fa387b78c7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23315F33A09B4192EB718B19D44017C6BA1FB58BE8F1A0675EB9C87BD6CF38E841C340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide__initconout
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2210154019-0
                                                                                                                                                                                                    • Opcode ID: b6307e78168ad8cfc449806c29395060a627c9e19e62e9274fd19f5beea39485
                                                                                                                                                                                                    • Instruction ID: 46fc0ebdb281d1862dce08451215f12629b8846e9721b2af2661f37a6de0b0cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6307e78168ad8cfc449806c29395060a627c9e19e62e9274fd19f5beea39485
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C317133A28646A2E7108B28E4443797BA0FB817B5F600B35E76D867E6DF7CD544CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871,?,?,?,00007FF6B0AA4219), ref: 00007FF6B0AAB8C2
                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871,?,?,?,00007FF6B0AA4219), ref: 00007FF6B0AAB8D0
                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871,?,?,?,00007FF6B0AA4219), ref: 00007FF6B0AAB928
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AAA5E0: Sleep.KERNEL32(?,?,?,00007FF6B0AAB8EB,?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871), ref: 00007FF6B0AAA625
                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6B0AA78B5,?,?,?,?,00007FF6B0AA4871,?,?,?,00007FF6B0AA4219), ref: 00007FF6B0AAB8FC
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AAB91F
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FF6B0AAB910
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3106088686-0
                                                                                                                                                                                                    • Opcode ID: 47fe6f310744996d0618dde16060a0968cc8db3ffcff5d940b5b223bec7bd5a3
                                                                                                                                                                                                    • Instruction ID: 083856732bc664035b3030bc9d9e11f29462fe944a148d58f34b4ab859d8c32d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47fe6f310744996d0618dde16060a0968cc8db3ffcff5d940b5b223bec7bd5a3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76017926E1974762EA545B6DA4445393B91EF48760F188A34CB1DD23D7DF3CE4448610
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1012874770-0
                                                                                                                                                                                                    • Opcode ID: 864e03c431a6d3e9e346be6ff6aff8a7b4752ac3b6a64fe7f5e624e93be13a61
                                                                                                                                                                                                    • Instruction ID: 0525a038765ac24c72073abcbc26f0758b1209913ef6460f7fa2099313243c16
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 864e03c431a6d3e9e346be6ff6aff8a7b4752ac3b6a64fe7f5e624e93be13a61
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3019E13E18446F1EA95EBA9E4914782F64FFC4B41F650931E70ED77938E6CF8C08211
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                                                    			E00007FF67FF6B0AA9204(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t11;
                                                                                                                                                                                                    				intOrPtr* _t16;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t16 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if ( *_t16 == 0xe0434f4d) goto 0xb0aa922d;
                                                                                                                                                                                                    				_t13 =  *_t16 - 0xe06d7363;
                                                                                                                                                                                                    				if ( *_t16 != 0xe06d7363) goto 0xb0aa9246;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t11,  *_t16 - 0xe06d7363, _t16);
                                                                                                                                                                                                    				 *(_t16 + 0x100) =  *(_t16 + 0x100) & 0x00000000;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0124( *_t16 - 0xe06d7363, _t16);
                                                                                                                                                                                                    				asm("int3");
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t11, _t13, _t16);
                                                                                                                                                                                                    				if ( *(_t16 + 0x100) <= 0) goto 0xb0aa9246;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t11,  *(_t16 + 0x100), _t16);
                                                                                                                                                                                                    				 *(_t16 + 0x100) =  *(_t16 + 0x100) - 1;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}






                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: MOC$csm
                                                                                                                                                                                                    • API String ID: 3186804695-1389381023
                                                                                                                                                                                                    • Opcode ID: 00ecfaa5011b527fe4e670c7211831b1227f345612b3d7dc83072e452741e803
                                                                                                                                                                                                    • Instruction ID: 7db6ded788fd40d5c958a5a17d372fb90f739b6260a3232c9ff3e57b241d5e4c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00ecfaa5011b527fe4e670c7211831b1227f345612b3d7dc83072e452741e803
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DE01237D14246A6E6152B59C0863FD3AE0EF98715FA68974C348823C3CF7C58849651
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF67FF6B0AB348C(void* __ebp, signed int __rbx, long long __rcx, signed int __rdi, signed int __rsi, void* __r8, void* __r9) {
                                                                                                                                                                                                    				signed int _t88;
                                                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                                                    				signed int _t90;
                                                                                                                                                                                                    				signed int _t91;
                                                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                                                    				signed int _t93;
                                                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                                                    				signed int _t95;
                                                                                                                                                                                                    				signed int _t96;
                                                                                                                                                                                                    				signed int _t99;
                                                                                                                                                                                                    				signed int _t100;
                                                                                                                                                                                                    				signed int _t101;
                                                                                                                                                                                                    				signed int _t102;
                                                                                                                                                                                                    				char _t105;
                                                                                                                                                                                                    				char _t106;
                                                                                                                                                                                                    				char _t107;
                                                                                                                                                                                                    				signed int _t111;
                                                                                                                                                                                                    				signed int _t112;
                                                                                                                                                                                                    				signed int _t113;
                                                                                                                                                                                                    				signed int _t114;
                                                                                                                                                                                                    				signed int _t115;
                                                                                                                                                                                                    				signed int _t116;
                                                                                                                                                                                                    				signed int _t117;
                                                                                                                                                                                                    				signed int _t118;
                                                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                                                    				signed int _t120;
                                                                                                                                                                                                    				signed int _t121;
                                                                                                                                                                                                    				signed int _t122;
                                                                                                                                                                                                    				signed int _t142;
                                                                                                                                                                                                    				signed int* _t149;
                                                                                                                                                                                                    				signed int* _t157;
                                                                                                                                                                                                    				signed int* _t159;
                                                                                                                                                                                                    				signed int _t176;
                                                                                                                                                                                                    				char* _t213;
                                                                                                                                                                                                    				char* _t214;
                                                                                                                                                                                                    				signed int _t216;
                                                                                                                                                                                                    				long long _t219;
                                                                                                                                                                                                    				signed int _t221;
                                                                                                                                                                                                    				signed int* _t223;
                                                                                                                                                                                                    				signed int* _t225;
                                                                                                                                                                                                    				void* _t226;
                                                                                                                                                                                                    				char* _t229;
                                                                                                                                                                                                    				void* _t232;
                                                                                                                                                                                                    				void* _t233;
                                                                                                                                                                                                    				signed int* _t234;
                                                                                                                                                                                                    				void* _t236;
                                                                                                                                                                                                    				signed int* _t237;
                                                                                                                                                                                                    				void* _t239;
                                                                                                                                                                                                    				intOrPtr* _t240;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t232 = __r9;
                                                                                                                                                                                                    				_t228 = __r8;
                                                                                                                                                                                                    				_t216 = __rdi;
                                                                                                                                                                                                    				_t176 = __rbx;
                                                                                                                                                                                                    				_t159 = _t225;
                                                                                                                                                                                                    				_t159[2] = __rbx;
                                                                                                                                                                                                    				_t159[4] = _t221;
                                                                                                                                                                                                    				_t159[6] = __rsi;
                                                                                                                                                                                                    				_t159[8] = __rdi;
                                                                                                                                                                                                    				_t226 = _t225 - 0x40;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t219 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t159 - 0x28)) = __rcx;
                                                                                                                                                                                                    				 *(_t159 - 0x20) =  *(_t159 - 0x20) & _t233;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != r12d) goto 0xb0ab34d2;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x1c)) != r12d) goto 0xb0ab34d2;
                                                                                                                                                                                                    				r13d = 0;
                                                                                                                                                                                                    				goto 0xb0ab37db;
                                                                                                                                                                                                    				_t10 = _t216 - 0x57; // 0x1
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(__rbx, __rcx, __rdi, __rdi, __rcx, 0xb0ae01a0, _t239, _t236);
                                                                                                                                                                                                    				_t223 = _t159;
                                                                                                                                                                                                    				if (_t159 != 0) goto 0xb0ab34f4;
                                                                                                                                                                                                    				goto 0xb0ab382c;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t159, _t176, _t176, _t219, _t223);
                                                                                                                                                                                                    				_t237 = _t159;
                                                                                                                                                                                                    				if (_t159 != 0) goto 0xb0ab3513;
                                                                                                                                                                                                    				free(_t233);
                                                                                                                                                                                                    				goto 0xb0ab34ea;
                                                                                                                                                                                                    				 *_t159 =  *_t159 & r12d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t219 + 0x18)) == r12d) goto 0xb0ab3788;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t159, _t176, _t176, _t219, _t223);
                                                                                                                                                                                                    				_t234 = _t159;
                                                                                                                                                                                                    				_t149 = _t159;
                                                                                                                                                                                                    				if (_t149 != 0) goto 0xb0ab353d;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0xb0ab350c;
                                                                                                                                                                                                    				 *_t159 =  *_t159 & 0x00000000;
                                                                                                                                                                                                    				_t142 =  *(_t219 + 0x38) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0x15;
                                                                                                                                                                                                    				_t13 =  &(_t223[6]); // 0x18
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t13;
                                                                                                                                                                                                    				_t88 = E00007FF67FF6B0AAFB68(4, __r9 - 0x14, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				_t17 =  &(_t223[8]); // 0x20
                                                                                                                                                                                                    				r9d = 0x14;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t17;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t111 = _t88;
                                                                                                                                                                                                    				_t89 = E00007FF67FF6B0AAFB68(_t111, _t232 - 0x13, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				_t21 =  &(_t223[0xa]); // 0x28
                                                                                                                                                                                                    				r9d = 0x16;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t21;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t112 = _t111 | _t89;
                                                                                                                                                                                                    				_t90 = E00007FF67FF6B0AAFB68(_t112, _t232 - 0x15, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x17;
                                                                                                                                                                                                    				_t113 = _t112 | _t90;
                                                                                                                                                                                                    				_t26 =  &(_t223[0xc]); // 0x30
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t26;
                                                                                                                                                                                                    				_t91 = E00007FF67FF6B0AAFB68(_t113, _t232 - 0x16, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x18;
                                                                                                                                                                                                    				_t29 =  &(_t223[0xe]); // 0x38
                                                                                                                                                                                                    				_t240 = _t29;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				_t114 = _t113 | _t91;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t240;
                                                                                                                                                                                                    				_t92 = E00007FF67FF6B0AAFB68(_t114, _t232 - 0x17, _t176, _t226 + 0x30, __r8);
                                                                                                                                                                                                    				r9d = 0x50;
                                                                                                                                                                                                    				_t115 = _t114 | _t92;
                                                                                                                                                                                                    				_t33 =  &(_t223[0x10]); // 0x40
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t33;
                                                                                                                                                                                                    				_t93 = E00007FF67FF6B0AAFB68(_t115, _t232 - 0x4f, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x51;
                                                                                                                                                                                                    				_t116 = _t115 | _t93;
                                                                                                                                                                                                    				_t37 =  &(_t223[0x12]); // 0x48
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t37;
                                                                                                                                                                                                    				_t94 = E00007FF67FF6B0AAFB68(_t116, _t232 - 0x50, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x1a;
                                                                                                                                                                                                    				_t117 = _t116 | _t94;
                                                                                                                                                                                                    				_t42 =  &(_t223[0x14]); // 0x50
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t42;
                                                                                                                                                                                                    				_t95 = E00007FF67FF6B0AAFB68(_t117, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x19;
                                                                                                                                                                                                    				_t118 = _t117 | _t95;
                                                                                                                                                                                                    				_t45 =  &(_t223[0x14]); // 0x51
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t45;
                                                                                                                                                                                                    				_t96 = E00007FF67FF6B0AAFB68(_t118, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x54;
                                                                                                                                                                                                    				_t119 = _t118 | _t96;
                                                                                                                                                                                                    				_t48 =  &(_t223[0x14]); // 0x52
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t48;
                                                                                                                                                                                                    				_t120 = _t119 | E00007FF67FF6B0AAFB68(_t119, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				_t50 =  &(_t223[0x14]); // 0x53
                                                                                                                                                                                                    				r9d = 0x55;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t50;
                                                                                                                                                                                                    				_t121 = _t120 | E00007FF67FF6B0AAFB68(_t120, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				_t54 =  &(_t223[0x15]); // 0x54
                                                                                                                                                                                                    				r9d = 0x56;
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t54;
                                                                                                                                                                                                    				_t99 = E00007FF67FF6B0AAFB68(_t121, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x57;
                                                                                                                                                                                                    				_t122 = _t121 | _t99;
                                                                                                                                                                                                    				_t57 =  &(_t223[0x15]); // 0x55
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t57;
                                                                                                                                                                                                    				_t100 = E00007FF67FF6B0AAFB68(_t122, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x52;
                                                                                                                                                                                                    				_t60 =  &(_t223[0x15]); // 0x56
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t60;
                                                                                                                                                                                                    				_t101 = E00007FF67FF6B0AAFB68(_t122 | _t100, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				r9d = 0x53;
                                                                                                                                                                                                    				_t63 =  &(_t223[0x15]); // 0x57
                                                                                                                                                                                                    				r8d = _t142;
                                                                                                                                                                                                    				 *((long long*)(_t226 + 0x20)) = _t63;
                                                                                                                                                                                                    				_t102 = E00007FF67FF6B0AAFB68(_t122 | _t100 | _t101, 0, _t176, _t226 + 0x30, _t228);
                                                                                                                                                                                                    				if (_t149 == 0) goto 0xb0ab3754;
                                                                                                                                                                                                    				E00007FF67FF6B0AB33F4(_t102 | _t122 | _t100 | _t101, _t223);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				goto 0xb0ab350c;
                                                                                                                                                                                                    				_t213 =  *_t240;
                                                                                                                                                                                                    				goto 0xb0ab376a;
                                                                                                                                                                                                    				_t105 =  *_t213;
                                                                                                                                                                                                    				if (_t105 - 0x30 < 0) goto 0xb0ab3771;
                                                                                                                                                                                                    				if (_t105 - 0x39 > 0) goto 0xb0ab3771;
                                                                                                                                                                                                    				_t106 = _t105 - 0x30;
                                                                                                                                                                                                    				 *_t213 = _t106;
                                                                                                                                                                                                    				_t214 = _t213 + 1;
                                                                                                                                                                                                    				if ( *_t214 != 0) goto 0xb0ab3759;
                                                                                                                                                                                                    				goto 0xb0ab379a;
                                                                                                                                                                                                    				if (_t106 != 0x3b) goto 0xb0ab3767;
                                                                                                                                                                                                    				_t229 = _t214;
                                                                                                                                                                                                    				_t107 =  *((intOrPtr*)(_t229 + 1));
                                                                                                                                                                                                    				 *_t229 = _t107;
                                                                                                                                                                                                    				if (_t107 != 0) goto 0xb0ab3778;
                                                                                                                                                                                                    				goto 0xb0ab376a;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(_t10, _t107, _t223, 0xb0ae01a0, _t216);
                                                                                                                                                                                                    				 *_t223 =  *( *(_t219 + 0x128));
                                                                                                                                                                                                    				_t223[2] = ( *(_t219 + 0x128))[2];
                                                                                                                                                                                                    				_t223[4] = ( *(_t219 + 0x128))[4];
                                                                                                                                                                                                    				 *_t237 = 1;
                                                                                                                                                                                                    				if (_t234 == 0) goto 0xb0ab37db;
                                                                                                                                                                                                    				 *_t234 = 1;
                                                                                                                                                                                                    				if ( *(_t219 + 0x120) == 0) goto 0xb0ab37eb;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				_t157 =  *(_t219 + 0x110);
                                                                                                                                                                                                    				if (_t157 == 0) goto 0xb0ab3815;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t157 != 0) goto 0xb0ab3815;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t219 + 0x120) = _t234;
                                                                                                                                                                                                    				 *(_t219 + 0x110) = _t237;
                                                                                                                                                                                                    				 *(_t219 + 0x128) = _t223;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}
                                                                                                                                                                                                    0x7ff6b0ab359e
                                                                                                                                                                                                    0x7ff6b0ab35a1
                                                                                                                                                                                                    0x7ff6b0ab35a3
                                                                                                                                                                                                    0x7ff6b0ab35a8
                                                                                                                                                                                                    0x7ff6b0ab35b3
                                                                                                                                                                                                    0x7ff6b0ab35b5
                                                                                                                                                                                                    0x7ff6b0ab35bd
                                                                                                                                                                                                    0x7ff6b0ab35c0
                                                                                                                                                                                                    0x7ff6b0ab35c5
                                                                                                                                                                                                    0x7ff6b0ab35ca
                                                                                                                                                                                                    0x7ff6b0ab35d0
                                                                                                                                                                                                    0x7ff6b0ab35d0
                                                                                                                                                                                                    0x7ff6b0ab35dd
                                                                                                                                                                                                    0x7ff6b0ab35e0
                                                                                                                                                                                                    0x7ff6b0ab35e2
                                                                                                                                                                                                    0x7ff6b0ab35e7
                                                                                                                                                                                                    0x7ff6b0ab35ec
                                                                                                                                                                                                    0x7ff6b0ab35f2
                                                                                                                                                                                                    0x7ff6b0ab35f4
                                                                                                                                                                                                    0x7ff6b0ab3601
                                                                                                                                                                                                    0x7ff6b0ab3604
                                                                                                                                                                                                    0x7ff6b0ab3609
                                                                                                                                                                                                    0x7ff6b0ab360e
                                                                                                                                                                                                    0x7ff6b0ab3614
                                                                                                                                                                                                    0x7ff6b0ab3616
                                                                                                                                                                                                    0x7ff6b0ab3623
                                                                                                                                                                                                    0x7ff6b0ab3626
                                                                                                                                                                                                    0x7ff6b0ab362b
                                                                                                                                                                                                    0x7ff6b0ab3635
                                                                                                                                                                                                    0x7ff6b0ab363b
                                                                                                                                                                                                    0x7ff6b0ab363d
                                                                                                                                                                                                    0x7ff6b0ab3641
                                                                                                                                                                                                    0x7ff6b0ab3646
                                                                                                                                                                                                    0x7ff6b0ab364b
                                                                                                                                                                                                    0x7ff6b0ab3655
                                                                                                                                                                                                    0x7ff6b0ab365b
                                                                                                                                                                                                    0x7ff6b0ab365d
                                                                                                                                                                                                    0x7ff6b0ab3661
                                                                                                                                                                                                    0x7ff6b0ab3666
                                                                                                                                                                                                    0x7ff6b0ab366b
                                                                                                                                                                                                    0x7ff6b0ab3675
                                                                                                                                                                                                    0x7ff6b0ab367b
                                                                                                                                                                                                    0x7ff6b0ab367d
                                                                                                                                                                                                    0x7ff6b0ab3681
                                                                                                                                                                                                    0x7ff6b0ab3686
                                                                                                                                                                                                    0x7ff6b0ab3690
                                                                                                                                                                                                    0x7ff6b0ab3692
                                                                                                                                                                                                    0x7ff6b0ab369b
                                                                                                                                                                                                    0x7ff6b0ab36a1
                                                                                                                                                                                                    0x7ff6b0ab36a6
                                                                                                                                                                                                    0x7ff6b0ab36b5
                                                                                                                                                                                                    0x7ff6b0ab36b7
                                                                                                                                                                                                    0x7ff6b0ab36bb
                                                                                                                                                                                                    0x7ff6b0ab36c1
                                                                                                                                                                                                    0x7ff6b0ab36c6
                                                                                                                                                                                                    0x7ff6b0ab36cb
                                                                                                                                                                                                    0x7ff6b0ab36d5
                                                                                                                                                                                                    0x7ff6b0ab36db
                                                                                                                                                                                                    0x7ff6b0ab36dd
                                                                                                                                                                                                    0x7ff6b0ab36e1
                                                                                                                                                                                                    0x7ff6b0ab36e6
                                                                                                                                                                                                    0x7ff6b0ab36eb
                                                                                                                                                                                                    0x7ff6b0ab36f5
                                                                                                                                                                                                    0x7ff6b0ab36fd
                                                                                                                                                                                                    0x7ff6b0ab3701
                                                                                                                                                                                                    0x7ff6b0ab3706
                                                                                                                                                                                                    0x7ff6b0ab370b
                                                                                                                                                                                                    0x7ff6b0ab3715
                                                                                                                                                                                                    0x7ff6b0ab371d
                                                                                                                                                                                                    0x7ff6b0ab3721
                                                                                                                                                                                                    0x7ff6b0ab3726
                                                                                                                                                                                                    0x7ff6b0ab372b
                                                                                                                                                                                                    0x7ff6b0ab3732
                                                                                                                                                                                                    0x7ff6b0ab3737
                                                                                                                                                                                                    0x7ff6b0ab373f
                                                                                                                                                                                                    0x7ff6b0ab3747
                                                                                                                                                                                                    0x7ff6b0ab374f
                                                                                                                                                                                                    0x7ff6b0ab3754
                                                                                                                                                                                                    0x7ff6b0ab3757
                                                                                                                                                                                                    0x7ff6b0ab3759
                                                                                                                                                                                                    0x7ff6b0ab375d
                                                                                                                                                                                                    0x7ff6b0ab3761
                                                                                                                                                                                                    0x7ff6b0ab3763
                                                                                                                                                                                                    0x7ff6b0ab3765
                                                                                                                                                                                                    0x7ff6b0ab3767
                                                                                                                                                                                                    0x7ff6b0ab376d
                                                                                                                                                                                                    0x7ff6b0ab376f
                                                                                                                                                                                                    0x7ff6b0ab3773
                                                                                                                                                                                                    0x7ff6b0ab3775
                                                                                                                                                                                                    0x7ff6b0ab3778
                                                                                                                                                                                                    0x7ff6b0ab377c
                                                                                                                                                                                                    0x7ff6b0ab3784
                                                                                                                                                                                                    0x7ff6b0ab3786
                                                                                                                                                                                                    0x7ff6b0ab3795
                                                                                                                                                                                                    0x7ff6b0ab37a4
                                                                                                                                                                                                    0x7ff6b0ab37b3
                                                                                                                                                                                                    0x7ff6b0ab37c2
                                                                                                                                                                                                    0x7ff6b0ab37c6
                                                                                                                                                                                                    0x7ff6b0ab37d1
                                                                                                                                                                                                    0x7ff6b0ab37d3
                                                                                                                                                                                                    0x7ff6b0ab37e5
                                                                                                                                                                                                    0x7ff6b0ab37e7
                                                                                                                                                                                                    0x7ff6b0ab37f2
                                                                                                                                                                                                    0x7ff6b0ab37f5
                                                                                                                                                                                                    0x7ff6b0ab37f7
                                                                                                                                                                                                    0x7ff6b0ab37fb
                                                                                                                                                                                                    0x7ff6b0ab3804
                                                                                                                                                                                                    0x7ff6b0ab3810
                                                                                                                                                                                                    0x7ff6b0ab3815
                                                                                                                                                                                                    0x7ff6b0ab381c
                                                                                                                                                                                                    0x7ff6b0ab3823
                                                                                                                                                                                                    0x7ff6b0ab384a

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: 6dfd3ff1200bf06653a9c526eabe73c63303c5f0231cfc1aad9142993ce12b02
                                                                                                                                                                                                    • Instruction ID: 110671fa78a136937689533fd88792360f7761af04e201a5bd2b6faea4e41220
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6dfd3ff1200bf06653a9c526eabe73c63303c5f0231cfc1aad9142993ce12b02
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02B1B333B08B86A9EB64DF6AE4505A97BA0FB89744F404531EB8E83786DF3CD105C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                                                                    			E00007FF67FF6B0ACA560(void* __ebx, void* __ecx, void* __edi, long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long __r8, void* __r9, char _a8, char _a32) {
                                                                                                                                                                                                    				void* _v24;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				long long _v48;
                                                                                                                                                                                                    				long long _v56;
                                                                                                                                                                                                    				char _v80;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				void* _t92;
                                                                                                                                                                                                    				long long* _t93;
                                                                                                                                                                                                    				long long _t100;
                                                                                                                                                                                                    				void* _t104;
                                                                                                                                                                                                    				intOrPtr _t120;
                                                                                                                                                                                                    				void* _t135;
                                                                                                                                                                                                    				void* _t138;
                                                                                                                                                                                                    				void* _t140;
                                                                                                                                                                                                    				void* _t145;
                                                                                                                                                                                                    				long long _t150;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t92 = _t140;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t92 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t92 + 0x18)) = __rbp;
                                                                                                                                                                                                    				_t100 = __r8;
                                                                                                                                                                                                    				_t138 = __rdx;
                                                                                                                                                                                                    				_t135 = __rcx;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t92 + 0x20)) = r12d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x28)) == r12b) goto 0xb0aca6fe;
                                                                                                                                                                                                    				_t136 = __rcx + 0x70;
                                                                                                                                                                                                    				_t124 = __rcx + 0x70;
                                                                                                                                                                                                    				E00007FF67FF6B0AC78E0(__ebx, __edi, __r8, __rcx + 0x90, __rcx + 0x70, __rcx, _t136);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94D20(_t136 + 0x210, _t136);
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94D20(_t136 + 0x240, _t124);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t100 + 0x18)) == _t150) goto 0xb0aca5f7;
                                                                                                                                                                                                    				_t93 =  *((intOrPtr*)(_t100 + 0x18));
                                                                                                                                                                                                    				if ( *((long long*)(_t100 + 0x20)) - 8 < 0) goto 0xb0aca5df;
                                                                                                                                                                                                    				goto 0xb0aca5e3;
                                                                                                                                                                                                    				r8d = _t93 + _t93;
                                                                                                                                                                                                    				_t84 = E00007FF67FF6B0AC9680(__ebx, 0, _t136, _t100 + 8);
                                                                                                                                                                                                    				if (_t84 == 0) goto 0xb0aca750;
                                                                                                                                                                                                    				E00007FF67FF6B0AC91A0(_t100, _t136, _t100 + 8, _t136, _t138);
                                                                                                                                                                                                    				_t74 =  *((intOrPtr*)(_t135 + 0x2d0)) -  *((intOrPtr*)(_t135 + 0x2c8));
                                                                                                                                                                                                    				if (_t84 == 0) goto 0xb0aca750;
                                                                                                                                                                                                    				E00007FF67FF6B0AA45E0(_t93, _t136);
                                                                                                                                                                                                    				if (_t93 == 0) goto 0xb0aca62a;
                                                                                                                                                                                                    				 *_t93 =  &_v80;
                                                                                                                                                                                                    				goto 0xb0aca62d;
                                                                                                                                                                                                    				_v80 = _t150;
                                                                                                                                                                                                    				_a8 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A94CA0(_t150, _t100,  &_v80, _t100 + 4, _t136,  &_a8);
                                                                                                                                                                                                    				if (_v48 != _v56) goto 0xb0aca66c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *_v56 = _t74;
                                                                                                                                                                                                    				_t87 = _v48 - _v56 - 4;
                                                                                                                                                                                                    				if (_t87 > 0) goto 0xb0aca68b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				E00007FF67FF6B0AC8A00(_t136);
                                                                                                                                                                                                    				_t145 = _t135;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(8, _t87, _v56 + 4, _v48 - _v56, _t145);
                                                                                                                                                                                                    				_t104 = _v48 - _v56;
                                                                                                                                                                                                    				if (_t87 != 0) goto 0xb0aca6bb;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v104 = _t150;
                                                                                                                                                                                                    				r8d = _t74;
                                                                                                                                                                                                    				WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_v56 == 0) goto 0xb0aca6e3;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v48 - _v56, _t104, _v56, _v56, _t136, _t145,  &_a32);
                                                                                                                                                                                                    				_v56 = _t150;
                                                                                                                                                                                                    				_v48 = _t150;
                                                                                                                                                                                                    				_v40 = _t150;
                                                                                                                                                                                                    				_t120 = _v80;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_v48 - _v56, _t104, _t120, _v56, _t136, _t145,  &_a32);
                                                                                                                                                                                                    				goto 0xb0aca750;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t120 + 0x29)) == r12b) goto 0xb0aca721;
                                                                                                                                                                                                    				if ( *((long long*)(_t145 + 0x20)) - 8 < 0) goto 0xb0aca711;
                                                                                                                                                                                                    				goto 0xb0aca715;
                                                                                                                                                                                                    				E00007FF67FF6B0AA6068(L"%s", _t145 + 8, _t145,  &_a32);
                                                                                                                                                                                                    				if ( *((long long*)(_t104 + 0x20)) - 8 < 0) goto 0xb0aca732;
                                                                                                                                                                                                    				goto 0xb0aca736;
                                                                                                                                                                                                    				r8d =  *((intOrPtr*)(_t104 + 0x18)) +  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                                                                                                    				_v104 = _t150;
                                                                                                                                                                                                    				return WriteFile(??, ??, ??, ??, ??);
                                                                                                                                                                                                    			}


























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$FileWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 255116272-0
                                                                                                                                                                                                    • Opcode ID: f65e552bf3d28aa478b740350a4f5241e804a358c94a3600ca4f6d6addcbd357
                                                                                                                                                                                                    • Instruction ID: cb10d97c460e9dc33d06991e7feec7a3c5324d8f14128ea437ae41acdc133ba0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f65e552bf3d28aa478b740350a4f5241e804a358c94a3600ca4f6d6addcbd357
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451B533608A81A6EB20DF29D4405BEBB60FB94B98F554931EB4E87796CF3CD445C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF67FF6B0A955C0(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t59;
                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                                                    				intOrPtr _t81;
                                                                                                                                                                                                    				intOrPtr _t86;
                                                                                                                                                                                                    				intOrPtr _t90;
                                                                                                                                                                                                    				intOrPtr* _t91;
                                                                                                                                                                                                    				intOrPtr _t92;
                                                                                                                                                                                                    				long long _t93;
                                                                                                                                                                                                    				long long* _t106;
                                                                                                                                                                                                    				intOrPtr* _t107;
                                                                                                                                                                                                    				long long _t109;
                                                                                                                                                                                                    				long long _t110;
                                                                                                                                                                                                    				long long* _t112;
                                                                                                                                                                                                    				intOrPtr* _t113;
                                                                                                                                                                                                    				long long _t125;
                                                                                                                                                                                                    				intOrPtr* _t126;
                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                    				long long* _t136;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t103 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x10)) = _t125;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t128 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t129 = _t128 - 0x50;
                                                                                                                                                                                                    				_t5 = _t103 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				_t80 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t136 = __rdx;
                                                                                                                                                                                                    				_t126 = __rcx;
                                                                                                                                                                                                    				if (_t80 == 0) goto 0xb0a955fa;
                                                                                                                                                                                                    				if (_t80 ==  *__rcx) goto 0xb0a955ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) !=  *((intOrPtr*)( *_t5))) goto 0xb0a95670;
                                                                                                                                                                                                    				_t81 =  *__r9;
                                                                                                                                                                                                    				_t7 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				if (_t81 == 0) goto 0xb0a95617;
                                                                                                                                                                                                    				if (_t81 ==  *__rcx) goto 0xb0a9561c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r9 + 8)) !=  *_t7) goto 0xb0a95670;
                                                                                                                                                                                                    				_t9 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				E00007FF67FF6B0A96320(__r8, __rcx,  *((intOrPtr*)( *_t9 + 8)), __r9, __rcx);
                                                                                                                                                                                                    				_t11 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)( *_t11 + 8)) =  *_t11;
                                                                                                                                                                                                    				_t13 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)(_t126 + 0x38)) = 0;
                                                                                                                                                                                                    				 *((long long*)( *_t13)) =  *_t13;
                                                                                                                                                                                                    				_t15 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *((long long*)( *_t15 + 0x10)) =  *_t15;
                                                                                                                                                                                                    				_t17 = _t126 + 0x30; // 0x44c748000000e0ec
                                                                                                                                                                                                    				 *_t136 =  *_t126;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 8)) =  *((intOrPtr*)( *_t17));
                                                                                                                                                                                                    				goto 0xb0a95766;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t86 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t86 == 0) goto 0xb0a9567d;
                                                                                                                                                                                                    				if (_t86 ==  *__r9) goto 0xb0a95682;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0xb0a9572e;
                                                                                                                                                                                                    				_t106 = _t129 + 0x20;
                                                                                                                                                                                                    				 *_t106 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t106 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *__r8 != 0) goto 0xb0a956ae;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t90 =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t90 + 0x39)) == 0) goto 0xb0a956bf;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0a9570c;
                                                                                                                                                                                                    				_t107 =  *((intOrPtr*)(_t90 + 0x10));
                                                                                                                                                                                                    				if ( *((char*)(_t107 + 0x39)) != 0) goto 0xb0a956e0;
                                                                                                                                                                                                    				_t91 =  *_t107;
                                                                                                                                                                                                    				if ( *((char*)(_t91 + 0x39)) != 0) goto 0xb0a95708;
                                                                                                                                                                                                    				_t92 =  *_t91;
                                                                                                                                                                                                    				if ( *((char*)(_t92 + 0x39)) == 0) goto 0xb0a956d2;
                                                                                                                                                                                                    				goto 0xb0a95708;
                                                                                                                                                                                                    				_t109 =  *((intOrPtr*)(_t92 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t109 + 0x39)) != 0) goto 0xb0a95708;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t93 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) != _t93) goto 0xb0a95708;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t109;
                                                                                                                                                                                                    				_t110 =  *((intOrPtr*)(_t109 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t110 + 0x39)) == 0) goto 0xb0a956f0;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t110;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t59 = E00007FF67FF6B0A95EB0(_t60, _t61, __r8, _t126, _t129 + 0x40, __r9, _t129 + 0x30, __r9);
                                                                                                                                                                                                    				goto 0xb0a95670;
                                                                                                                                                                                                    				_t112 = _t129 + 0x30;
                                                                                                                                                                                                    				 *_t112 = _t93;
                                                                                                                                                                                                    				 *((long long*)(_t112 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t113 = _t129 + 0x20;
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x28)) =  *((intOrPtr*)(_t129 + 0x38));
                                                                                                                                                                                                    				 *((long long*)(_t129 + 0x20)) =  *_t126;
                                                                                                                                                                                                    				 *_t136 =  *_t113;
                                                                                                                                                                                                    				 *((long long*)(_t136 + 8)) =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                                                    				return _t59;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: f24478f95e3a0eeb8cc74fcbd0085942c264e63632729c83631c048cfd9381a0
                                                                                                                                                                                                    • Instruction ID: 06a3ab7f6a1682454c0588fdb98bfc21ba0386c035026bf7f83c927604de3367
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f24478f95e3a0eeb8cc74fcbd0085942c264e63632729c83631c048cfd9381a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0514B33609B85A5DB50CF29D48526D7BA5F748B84F988831EB8D837A6DF39D491C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF67FF6B0A9C520(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long* __r8, intOrPtr* __r9) {
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                                                    				intOrPtr _t79;
                                                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                                                    				intOrPtr _t81;
                                                                                                                                                                                                    				long long _t82;
                                                                                                                                                                                                    				long long* _t94;
                                                                                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                                                                                    				long long _t97;
                                                                                                                                                                                                    				long long _t98;
                                                                                                                                                                                                    				long long* _t100;
                                                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                                                    				long long _t111;
                                                                                                                                                                                                    				intOrPtr* _t112;
                                                                                                                                                                                                    				void* _t114;
                                                                                                                                                                                                    				void* _t115;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				long long* _t122;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				 *((long long*)(_t114 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x10)) = _t111;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x18)) = __rsi;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t115 = _t114 - 0x50;
                                                                                                                                                                                                    				_t71 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t122 = __rdx;
                                                                                                                                                                                                    				_t112 = __rcx;
                                                                                                                                                                                                    				if (_t71 == 0) goto 0xb0a9c55a;
                                                                                                                                                                                                    				if (_t71 ==  *__rcx) goto 0xb0a9c55f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) !=  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x30))))) goto 0xb0a9c5a3;
                                                                                                                                                                                                    				_t72 =  *__r9;
                                                                                                                                                                                                    				if (_t72 == 0) goto 0xb0a9c577;
                                                                                                                                                                                                    				if (_t72 ==  *__rcx) goto 0xb0a9c57c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r9 + 8)) !=  *((intOrPtr*)(__rcx + 0x30))) goto 0xb0a9c5a3;
                                                                                                                                                                                                    				E00007FF67FF6B0A9CB50(__r8, __rcx, __r9, _t121);
                                                                                                                                                                                                    				 *((long long*)(_t122 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x30))));
                                                                                                                                                                                                    				 *_t122 =  *_t112;
                                                                                                                                                                                                    				goto 0xb0a9c6a6;
                                                                                                                                                                                                    				_t75 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t75 == 0) goto 0xb0a9c5b0;
                                                                                                                                                                                                    				if (_t75 ==  *__r9) goto 0xb0a9c5b5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) ==  *((intOrPtr*)(__r9 + 8))) goto 0xb0a9c66e;
                                                                                                                                                                                                    				_t94 = _t115 + 0x20;
                                                                                                                                                                                                    				 *_t94 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t94 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *__r8 != 0) goto 0xb0a9c5e1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t79 =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t79 + 0x29)) == 0) goto 0xb0a9c5f2;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0a9c64c;
                                                                                                                                                                                                    				_t95 =  *((intOrPtr*)(_t79 + 0x10));
                                                                                                                                                                                                    				if ( *((char*)(_t95 + 0x29)) != 0) goto 0xb0a9c61e;
                                                                                                                                                                                                    				_t80 =  *_t95;
                                                                                                                                                                                                    				if ( *((char*)(_t80 + 0x29)) != 0) goto 0xb0a9c648;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				_t81 =  *_t80;
                                                                                                                                                                                                    				if ( *((char*)(_t81 + 0x29)) == 0) goto 0xb0a9c610;
                                                                                                                                                                                                    				goto 0xb0a9c648;
                                                                                                                                                                                                    				_t97 =  *((intOrPtr*)(_t81 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t97 + 0x29)) != 0) goto 0xb0a9c648;
                                                                                                                                                                                                    				_t82 =  *((intOrPtr*)(_t97 + 0x10));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__r8 + 8)) != _t82) goto 0xb0a9c648;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t97;
                                                                                                                                                                                                    				_t98 =  *((intOrPtr*)(_t97 + 8));
                                                                                                                                                                                                    				if ( *((char*)(_t98 + 0x29)) == 0) goto 0xb0a9c630;
                                                                                                                                                                                                    				 *((long long*)(__r8 + 8)) = _t98;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x30], xmm0");
                                                                                                                                                                                                    				_t51 = E00007FF67FF6B0A9C760(_t52, __r8, _t112, _t115 + 0x40, __r9, _t115 + 0x30, __r9);
                                                                                                                                                                                                    				goto 0xb0a9c5a3;
                                                                                                                                                                                                    				_t100 = _t115 + 0x30;
                                                                                                                                                                                                    				 *_t100 = _t82;
                                                                                                                                                                                                    				 *((long long*)(_t100 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t101 = _t115 + 0x20;
                                                                                                                                                                                                    				 *((long long*)(_t115 + 0x28)) =  *((intOrPtr*)(_t115 + 0x38));
                                                                                                                                                                                                    				 *((long long*)(_t115 + 0x20)) =  *_t112;
                                                                                                                                                                                                    				 *_t122 =  *_t101;
                                                                                                                                                                                                    				 *((long long*)(_t122 + 8)) =  *((intOrPtr*)(_t101 + 8));
                                                                                                                                                                                                    				return _t51;
                                                                                                                                                                                                    			}

























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 3f9fb94ebf619a72e56c9b87b2a251ac8c4213fab99a0683694bafe1793dd332
                                                                                                                                                                                                    • Instruction ID: dce9c28fb9dd351ad913110885e1800af0a4a15c572afdd44a238850a025b809
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f9fb94ebf619a72e56c9b87b2a251ac8c4213fab99a0683694bafe1793dd332
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C512933A09F85A5EB608F19D0402687BA4F788BC8F589535EB8D837A6DF3DE491C300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0A9D490(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r12, void* __r13, void* __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a32 = __rdi;
                                                                                                                                                                                                    			}



                                                                                                                                                                                                    0x7ff6b0a9d490
                                                                                                                                                                                                    0x7ff6b0a9d495
                                                                                                                                                                                                    0x7ff6b0a9d49a
                                                                                                                                                                                                    0x7ff6b0a9d49f

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 9adf0773738e164250931235ba60c9b3937481e2f1625136ecae2f05f93c4938
                                                                                                                                                                                                    • Instruction ID: 493c03a345303ac5e1ad623279df97efb60260d03d095c44e89311e4bb52b065
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9adf0773738e164250931235ba60c9b3937481e2f1625136ecae2f05f93c4938
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C241B363B04B9596DA209F19E50016DB7A4FB88BC8B584532EF8C97B5ADE3CE182C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                                                                                    			E00007FF67FF6B0A94E70(long long __rbx, intOrPtr* __rcx, long long* __rdx, long long __rdi, long long __rsi, long long __rbp, intOrPtr* __r8, void* __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				char _v40;
                                                                                                                                                                                                    				void* _t33;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                                                    				signed long long _t67;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				intOrPtr _t85;
                                                                                                                                                                                                    				long long _t86;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_a32 = __rdi;
                                                                                                                                                                                                    				_t57 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t85 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if ((_t57 - _t85 & 0xfffffff0) != 0) goto 0xb0a94eb7;
                                                                                                                                                                                                    				goto 0xb0a94edf;
                                                                                                                                                                                                    				if (_t85 - _t57 <= 0) goto 0xb0a94ec1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				if (_t46 == 0) goto 0xb0a94ecf;
                                                                                                                                                                                                    				if (_t46 ==  *((intOrPtr*)(__rcx))) goto 0xb0a94ed4;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t67 =  *((intOrPtr*)(__r8 + 8)) - _t85 >> 4;
                                                                                                                                                                                                    				_t58 =  &_v40;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				r8d = 1;
                                                                                                                                                                                                    				E00007FF67FF6B0A95790(__rcx, __rcx,  &_v40, __rsi, __r8, __r9);
                                                                                                                                                                                                    				_t86 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t86 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0a94f18;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t54 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				_v32 = _t86;
                                                                                                                                                                                                    				_v40 = _t54;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x20]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x20], xmm0");
                                                                                                                                                                                                    				if (_t54 != 0) goto 0xb0a94f3f;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				goto 0xb0a94f42;
                                                                                                                                                                                                    				_t69 = (_t67 << 4) + _t86;
                                                                                                                                                                                                    				if (_t69 -  *((intOrPtr*)( *_t54 + 0x20)) > 0) goto 0xb0a94f5d;
                                                                                                                                                                                                    				if (_t54 == 0) goto 0xb0a94f57;
                                                                                                                                                                                                    				if (_t69 -  *((intOrPtr*)( *_t54 + 0x18)) >= 0) goto 0xb0a94f62;
                                                                                                                                                                                                    				_t33 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_v32 = _t69;
                                                                                                                                                                                                    				_t60 =  &_v40;
                                                                                                                                                                                                    				 *__rdx =  *_t60;
                                                                                                                                                                                                    				_a8 =  *((intOrPtr*)(_t60 + 8));
                                                                                                                                                                                                    				return _t33;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 0dfe290ad0cdf64aa43669a68593f605fd5eb979421ae91750d4b89d46ba8f38
                                                                                                                                                                                                    • Instruction ID: e4b85c0685a0c864cc6c714559d7816a256628c21d04c0e3792293b2e2a83c83
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dfe290ad0cdf64aa43669a68593f605fd5eb979421ae91750d4b89d46ba8f38
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E318F23708B8691DA209F19E40056DA7A8FB48F98F584531EF8C97B9ACF3DE541C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AA4BE1
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AA4BF0
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AA4C6D
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AAA664: realloc.LIBCMT ref: 00007FF6B0AAA68F
                                                                                                                                                                                                      • Part of subcall function 00007FF6B0AAA664: Sleep.KERNEL32(?,?,00000000,00007FF6B0AA4C5D,?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001), ref: 00007FF6B0AAA6AB
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AA4C7C
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,00007FF6B0AA4CC9,?,?,?,?,00007FF6B0AA56F2,?,?,00000001,00007FF6B0AA47AB), ref: 00007FF6B0AA4C88
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode$Sleep_errnorealloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1310268301-0
                                                                                                                                                                                                    • Opcode ID: da3e88b1a8b197b5a9bc03744fcc4c4a517e23ff6b81ad0f1ee5100b1ca44848
                                                                                                                                                                                                    • Instruction ID: a302f29668f2cbbbe290270f51ad3daa344e4e854f4491fc4384b82e88d8eb10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: da3e88b1a8b197b5a9bc03744fcc4c4a517e23ff6b81ad0f1ee5100b1ca44848
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50218313B1A74270EA04AB6AE5440B9AA95FBC57D0B644C35EB0D877D7EEBCE4818704
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                                                    			E00007FF67FF6B0ABA424(void* __edx, intOrPtr* __rax, signed int __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, long long __r9, long long _a8, long long _a16, char _a24, long long _a32, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				long long _v32;
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				long _t28;
                                                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                    				void* _t56;
                                                                                                                                                                                                    				intOrPtr* _t57;
                                                                                                                                                                                                    				long long _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t53 = __rdx;
                                                                                                                                                                                                    				_t48 = __rcx;
                                                                                                                                                                                                    				_t46 = __rbx;
                                                                                                                                                                                                    				_t45 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a32 = __rsi;
                                                                                                                                                                                                    				_t59 = __r8;
                                                                                                                                                                                                    				r12d = __edx;
                                                                                                                                                                                                    				if (__r8 != 0) goto 0xb0aba473;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				_v40 = _v40 & __rbx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rbx, __rcx, __rdx, __r8, __r9, __r8);
                                                                                                                                                                                                    				goto 0xb0aba50a;
                                                                                                                                                                                                    				E00007FF67FF6B0AB384C();
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(_t46, _t48, _t53, _t56, _t59, __r9);
                                                                                                                                                                                                    				_t57 = _t45;
                                                                                                                                                                                                    				if (_t45 == 0) goto 0xb0aba4f7;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(1, _t45, _t45);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB804(_t46, _t57,  *((intOrPtr*)(_t45 + 0xc0)));
                                                                                                                                                                                                    				_t50 = _a48;
                                                                                                                                                                                                    				 *(_t57 + 8) =  *(_t57 + 8) | 0xffffffff;
                                                                                                                                                                                                    				_t69 =  !=  ? _t50 :  &_a24;
                                                                                                                                                                                                    				_v32 =  !=  ? _t50 :  &_a24;
                                                                                                                                                                                                    				 *((long long*)(_t57 + 0x90)) = _t59;
                                                                                                                                                                                                    				 *((long long*)(_t57 + 0x98)) = __r9;
                                                                                                                                                                                                    				_v40 = _a40;
                                                                                                                                                                                                    				CreateThread(??, ??, ??, ??, ??, ??);
                                                                                                                                                                                                    				if (_t45 != 0) goto 0xb0aba50c;
                                                                                                                                                                                                    				_t28 = GetLastError();
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				if (_t28 == 0) goto 0xb0aba50a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78EC(_t28, _t45);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDecodeErrorLastPointerThread_errno_getptdfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 220819306-0
                                                                                                                                                                                                    • Opcode ID: ece87a1fc5feb03447c1b275c00dd7aa7aefcaa37945c33b4158078beb98526a
                                                                                                                                                                                                    • Instruction ID: 202b2fc575d283aa42e91c73dfdd1157c25c8152dcee26360ad25a2034b6a106
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ece87a1fc5feb03447c1b275c00dd7aa7aefcaa37945c33b4158078beb98526a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5821B723B08785A6E7149BA9A84166E7A94FF98B90F544A35EF5D83BD7CF3CE0508700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                                                    			E00007FF67FF6B0AB8120(void* __ebx, void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, void* __r9, long long __r12, signed char _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				void* _t30;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr _t55;
                                                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                                                    				intOrPtr _t58;
                                                                                                                                                                                                    				long long _t65;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t30 = __edx;
                                                                                                                                                                                                    				_t29 = __ecx;
                                                                                                                                                                                                    				_a24 = __rbx;
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_t54 = __rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t46 <= 0) goto 0xb0ab813e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t55 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t55 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0ab814d;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t55 > 0) goto 0xb0ab8159;
                                                                                                                                                                                                    				if (_t55 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0ab815e;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t57 =  *__rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t46 > 0) goto 0xb0ab816d;
                                                                                                                                                                                                    				if (_t46 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0ab8172;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t57 == 0) goto 0xb0ab817c;
                                                                                                                                                                                                    				if (_t57 ==  *__rcx) goto 0xb0ab8181;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t55 == _t46) goto 0xb0ab81e4;
                                                                                                                                                                                                    				_t58 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				_a16 = __r12;
                                                                                                                                                                                                    				_t65 = _t55 + (_t58 - _t46 >> 3) * 8;
                                                                                                                                                                                                    				if (_t46 == _t58) goto 0xb0ab81c5;
                                                                                                                                                                                                    				asm("o16 nop [eax+eax]");
                                                                                                                                                                                                    				E00007FF67FF6B0AB69F0(_t46, _t55 - _t46 + _t46, _t46);
                                                                                                                                                                                                    				if (_t46 + 8 != _t58) goto 0xb0ab81b0;
                                                                                                                                                                                                    				r9d = _a8 & 0x000000ff;
                                                                                                                                                                                                    				_t27 = E00007FF67FF6B0AB7D10(__ebx, _t29, _t30, _t58 - _t46 >> 3, _t46 + 8, _t65,  *((intOrPtr*)(_t54 + 0x20)), _t55 - _t46, _t54 + 0x10, __r9);
                                                                                                                                                                                                    				 *((long long*)(_t54 + 0x20)) = _t65;
                                                                                                                                                                                                    				return _t27;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 94e8535373d5eee8c31459157ca0df03a4c9a942121b1679b2ccc5edc3a1f7ea
                                                                                                                                                                                                    • Instruction ID: 9de2c516d1f9de2b1d3a6fe6703e1963fc1bdcc8a5df1d9b76c5cc35eaff5a78
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94e8535373d5eee8c31459157ca0df03a4c9a942121b1679b2ccc5edc3a1f7ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA213723A05956B6E9606B1DA1001AD9BA4FB5C740F5C0A35DB9C57B87DF38F4A2C350
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0A99D30(long long __rbx, intOrPtr* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				intOrPtr _t41;
                                                                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_t43 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t43 <= 0) goto 0xb0a99d56;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t41 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t41 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0a99d65;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t41 > 0) goto 0xb0a99d71;
                                                                                                                                                                                                    				if (_t41 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0a99d76;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t46 =  *__rcx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) - _t43 > 0) goto 0xb0a99d85;
                                                                                                                                                                                                    				if (_t43 -  *((intOrPtr*)(__rcx + 0x20)) <= 0) goto 0xb0a99d8a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t46 == 0) goto 0xb0a99d94;
                                                                                                                                                                                                    				if (_t46 ==  *__rcx) goto 0xb0a99d99;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				if (_t41 == _t43) goto 0xb0a99dc0;
                                                                                                                                                                                                    				_t40 =  *((intOrPtr*)(__rcx + 0x20)) - _t43;
                                                                                                                                                                                                    				if (_t40 <= 0) goto 0xb0a99dbc;
                                                                                                                                                                                                    				_t23 = E00007FF67FF6B0AA4070(_t41, _t40, _t43, _t40);
                                                                                                                                                                                                    				 *((long long*)(__rcx + 0x20)) = _t40 + _t41;
                                                                                                                                                                                                    				return _t23;
                                                                                                                                                                                                    			}









                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 395423532e8a034f72e2356662622c31c4559b370181be70f9e98b2c9a67ad87
                                                                                                                                                                                                    • Instruction ID: 1379cee9966a93d85c6d5472d2836ed901c6be268a49d3b6b421299e2c5b3c2d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 395423532e8a034f72e2356662622c31c4559b370181be70f9e98b2c9a67ad87
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74118463B08A41A2EB60AF1DD18016D67A4FB48FC4F650931EB5C9778BCE2DE891C351
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                    • Opcode ID: 51358f02df6aa1c520c902237605ff6eac71f778f40a86b1a1b9eb1d44f505ae
                                                                                                                                                                                                    • Instruction ID: 60c21c3a8b58c844983a95e23c3d9bb3b78bc79f7716a68d62f192f8ec27ec6c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51358f02df6aa1c520c902237605ff6eac71f778f40a86b1a1b9eb1d44f505ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B601C423A79B0591E7808F29F9946697760FB09B90F546A30EF5E977A5CE3CD8C48300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ThreadValue$CurrentErrorExitLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1808566232-0
                                                                                                                                                                                                    • Opcode ID: 94f429541888e2a87e9ddcd7a9c91dd1b61d2b74d0858537a8fdef3fe104ab33
                                                                                                                                                                                                    • Instruction ID: 3a41599b64411360519be17d7bd460bce5d7aac412e42a91bfa50a0c0264afc8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94f429541888e2a87e9ddcd7a9c91dd1b61d2b74d0858537a8fdef3fe104ab33
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F111B26A59B4AB1FA40AB79A8493BC2A94AF55B40F144D34DB1DC63D3EE6CE4448310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                                                                    			E00007FF67FF6B0A94750(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t7;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				intOrPtr* _t11;
                                                                                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                                                                                    				intOrPtr* _t14;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t14 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				_t11 = _t14;
                                                                                                                                                                                                    				if (_t11 == 0) goto 0xb0a947a5;
                                                                                                                                                                                                    				asm("lock add dword [ebx+0x8], 0xffffffff");
                                                                                                                                                                                                    				if (_t11 != 0) goto 0xb0a947a5;
                                                                                                                                                                                                    				_t13 =  *_t14;
                                                                                                                                                                                                    				 *_t13();
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0xb0a947a5;
                                                                                                                                                                                                    				_t1 = _t13 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t1;
                                                                                                                                                                                                    				return E00007FF67FF6B0ACAB00(_t6, _t7, _t10, _t14, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t20, _t21, "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp", _t24);
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0, xrefs: 00007FF6B0A94799
                                                                                                                                                                                                    • void __cdecl boost::detail::free_raw_heap_memory(void *), xrefs: 00007FF6B0A94792
                                                                                                                                                                                                    • D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp, xrefs: 00007FF6B0A9478B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 3859560861-3333080286
                                                                                                                                                                                                    • Opcode ID: bbd1b308470604d059fc8b3b034bf7eafb81cdd28000ebdae6b9dc5dbe87673a
                                                                                                                                                                                                    • Instruction ID: afba045765e4e9ea8ba8edd21419afa9b0db75cae863c663893824a71c967011
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbd1b308470604d059fc8b3b034bf7eafb81cdd28000ebdae6b9dc5dbe87673a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BF03063B44A4BA2FB148F79E8446B43B55AF95B55B498A30CB1D823A2EF2CD9458300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                                                                    			E00007FF67FF6B0A94110(void* __rax, void* __rcx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                    				void* _t6;
                                                                                                                                                                                                    				void* _t8;
                                                                                                                                                                                                    				void* _t10;
                                                                                                                                                                                                    				void* _t16;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t20;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t10 = __rax;
                                                                                                                                                                                                    				GetProcessHeap();
                                                                                                                                                                                                    				if (HeapFree(??, ??, ??) != 0) goto 0xb0a9414f;
                                                                                                                                                                                                    				_t1 = _t10 + 0x49; // 0x49
                                                                                                                                                                                                    				r9d = _t1;
                                                                                                                                                                                                    				return E00007FF67FF6B0ACAB00(_t5, _t6, _t8, __rcx, "detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0", "void __cdecl boost::detail::free_raw_heap_memory(void *)", _t16, _t17, "D:\\Libraries\\boost\\boost/thread/win32/thread_heap_alloc.hpp", _t20);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0, xrefs: 00007FF6B0A94143
                                                                                                                                                                                                    • void __cdecl boost::detail::free_raw_heap_memory(void *), xrefs: 00007FF6B0A9413C
                                                                                                                                                                                                    • D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp, xrefs: 00007FF6B0A94135
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: D:\Libraries\boost\boost/thread/win32/thread_heap_alloc.hpp$detail::win32::HeapFree(detail::win32::GetProcessHeap(),0,heap_memory)!=0$void __cdecl boost::detail::free_raw_heap_memory(void *)
                                                                                                                                                                                                    • API String ID: 3859560861-3333080286
                                                                                                                                                                                                    • Opcode ID: 390c634eb8512d6bd36f964db49dd20d87de3fa4aeae6bde1dec52a086757f87
                                                                                                                                                                                                    • Instruction ID: e3146fd4f1f33c94ba59a843e1e61d7f2746fcf12fabcfd94f6417876c5d51fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 390c634eb8512d6bd36f964db49dd20d87de3fa4aeae6bde1dec52a086757f87
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCE04892F8464773EB149B69B8455F43B15AF54745F464930CE0D92353EF2CD589C300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                                                    			E00007FF67FF6B0AA9B04(void* __ebx, void* __ecx, void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __r8, signed long long __r9) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                                                    				void* _t107;
                                                                                                                                                                                                    				void* _t123;
                                                                                                                                                                                                    				long long _t126;
                                                                                                                                                                                                    				void* _t127;
                                                                                                                                                                                                    				void* _t128;
                                                                                                                                                                                                    				long long _t170;
                                                                                                                                                                                                    				intOrPtr* _t174;
                                                                                                                                                                                                    				long long _t177;
                                                                                                                                                                                                    				void* _t179;
                                                                                                                                                                                                    				void* _t180;
                                                                                                                                                                                                    				signed long long _t191;
                                                                                                                                                                                                    				void* _t194;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t123 = __rax;
                                                                                                                                                                                                    				_t107 = __edi;
                                                                                                                                                                                                    				_t104 = __ecx;
                                                                                                                                                                                                    				 *((long long*)(_t179 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t179 + 0x18)) = __r8;
                                                                                                                                                                                                    				_t180 = _t179 - 0x70;
                                                                                                                                                                                                    				_t191 = __r9;
                                                                                                                                                                                                    				_t194 = __rdx;
                                                                                                                                                                                                    				_t174 = __rcx;
                                                                                                                                                                                                    				if ( *__rcx == 0x80000003) goto 0xb0aa9d30;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(__ecx,  *__rcx - 0x80000003, __rax);
                                                                                                                                                                                                    				r15d =  *((intOrPtr*)(_t180 + 0xe0));
                                                                                                                                                                                                    				_t177 =  *((intOrPtr*)(_t180 + 0xd0));
                                                                                                                                                                                                    				if ( *((long long*)(_t123 + 0xe0)) == 0) goto 0xb0aa9ba2;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t104,  *((long long*)(_t123 + 0xe0)), _t123);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB7B0();
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t123 + 0xe0)) == _t123) goto 0xb0aa9ba2;
                                                                                                                                                                                                    				if ( *__rcx == 0xe0434f4d) goto 0xb0aa9ba2;
                                                                                                                                                                                                    				 *(_t180 + 0x30) =  *((intOrPtr*)(_t180 + 0xe8));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0x28)) = r15d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t177;
                                                                                                                                                                                                    				if (E00007FF67FF6B0AA7528(__rcx, __rdx, __r8, __r9) != 0) goto 0xb0aa9d30;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t177 + 0xc)) != 0) goto 0xb0aa9bad;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148( *((intOrPtr*)(_t180 + 0xe8)));
                                                                                                                                                                                                    				r12d =  *((intOrPtr*)(_t180 + 0xd8));
                                                                                                                                                                                                    				 *(_t180 + 0x30) = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x28)) = _t180 + 0x60;
                                                                                                                                                                                                    				_t126 = _t180 + 0xb0;
                                                                                                                                                                                                    				r8d = r15d;
                                                                                                                                                                                                    				r9d = r12d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t126;
                                                                                                                                                                                                    				E00007FF67FF6B0AA757C(__ebx, _t123, _t177, _t174);
                                                                                                                                                                                                    				_t170 = _t126;
                                                                                                                                                                                                    				goto 0xb0aa9d26;
                                                                                                                                                                                                    				if (r12d -  *_t170 < 0) goto 0xb0aa9d19;
                                                                                                                                                                                                    				if (r12d -  *((intOrPtr*)(_t170 + 4)) > 0) goto 0xb0aa9d19;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t126);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)) == 0) goto 0xb0aa9c44;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t126);
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t126);
                                                                                                                                                                                                    				_t127 = _t126 +  *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10));
                                                                                                                                                                                                    				goto 0xb0aa9c46;
                                                                                                                                                                                                    				if (_t127 == 0) goto 0xb0aa9c93;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t127);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)) == 0) goto 0xb0aa9c8b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t127);
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t127);
                                                                                                                                                                                                    				_t128 = _t127 +  *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10));
                                                                                                                                                                                                    				goto 0xb0aa9c8d;
                                                                                                                                                                                                    				if ( *((char*)(_t128 + 0x10)) != 0) goto 0xb0aa9d12;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t128);
                                                                                                                                                                                                    				if (( *(_t128 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x14) & 0x00000040) != 0) goto 0xb0aa9d12;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t128);
                                                                                                                                                                                                    				 *((char*)(_t180 + 0x58)) = 0;
                                                                                                                                                                                                    				 *((char*)(_t180 + 0x50)) = 1;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x48)) =  *((intOrPtr*)(_t180 + 0xe8));
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0x40)) = r15d;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x38)) = _t170;
                                                                                                                                                                                                    				 *(_t180 + 0x30) =  *(_t180 + 0x30) & 0x00000000;
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x28)) = _t128 + ( *(_t170 + 0xc) - 1 + ( *(_t170 + 0xc) - 1) * 4) * 4 +  *((intOrPtr*)(_t170 + 0x10));
                                                                                                                                                                                                    				 *((long long*)(_t180 + 0x20)) = _t177;
                                                                                                                                                                                                    				E00007FF67FF6B0AA9A40( *(_t170 + 0xc) - 1, _t107,  *((intOrPtr*)(_t127 +  *((intOrPtr*)(_t170 + 0x10)) + ( *(_t170 + 0xc) +  *(_t170 + 0xc) * 4) * 4 - 0x10)), _t174, _t194, _t177,  *((intOrPtr*)(_t180 + 0xc0)), _t191);
                                                                                                                                                                                                    				_t102 =  *((intOrPtr*)(_t180 + 0xb0)) + 1;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t180 + 0xb0)) = _t102;
                                                                                                                                                                                                    				if (_t102 -  *((intOrPtr*)(_t180 + 0x60)) < 0) goto 0xb0aa9bf1;
                                                                                                                                                                                                    				return _t102;
                                                                                                                                                                                                    			}



















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$CallTranslator
                                                                                                                                                                                                    • String ID: MOC
                                                                                                                                                                                                    • API String ID: 3569367362-624257665
                                                                                                                                                                                                    • Opcode ID: 701c7f62758117df9d68805bcdd9943e9059ba62097dbbdcab498742cdacb196
                                                                                                                                                                                                    • Instruction ID: 73d05e22fbf87d552aeb81164d8af64b29c34be06fffe8fc60b947be54116000
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 701c7f62758117df9d68805bcdd9943e9059ba62097dbbdcab498742cdacb196
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E616273A08A82A5DB20CB19E4807AE7BA4FB80B98F644935DB4D837D6DF78E155C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FF6B0AA55C1,?,?,00000028,00007FF6B0AA48F9,?,?,00000000,00007FF6B0AAA598,?,?,00000000,00007FF6B0AAFED9), ref: 00007FF6B0AA5587
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,000000FF,00007FF6B0AA55C1,?,?,00000028,00007FF6B0AA48F9,?,?,00000000,00007FF6B0AAA598,?,?,00000000,00007FF6B0AAFED9), ref: 00007FF6B0AA559C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                    • API String ID: 1646373207-1276376045
                                                                                                                                                                                                    • Opcode ID: 8e88595b131e52f817ebab1db4fb07a491aba47a0bed957ca3a8eab92fd5a99f
                                                                                                                                                                                                    • Instruction ID: d7b65b0f2aec9619c853a9603889cf9be3c25e282d7562791cf42cc26b40d2d6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e88595b131e52f817ebab1db4fb07a491aba47a0bed957ca3a8eab92fd5a99f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CE01212F9A70761FF595B78A8847382A51AF48710F885939CF1E963D2DF2CE989C710
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                                                    			E00007FF67FF6B0AA8948(void* __ebx, void* __ecx, signed long long __edx, void* __eflags, long long __rbx, void* __rcx, void* __r8) {
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    				void* _t159;
                                                                                                                                                                                                    				void* _t163;
                                                                                                                                                                                                    				signed long long _t165;
                                                                                                                                                                                                    				signed long long _t166;
                                                                                                                                                                                                    				signed long long _t167;
                                                                                                                                                                                                    				long long _t178;
                                                                                                                                                                                                    				signed long long _t183;
                                                                                                                                                                                                    				signed long long _t207;
                                                                                                                                                                                                    				signed long long _t209;
                                                                                                                                                                                                    				intOrPtr _t210;
                                                                                                                                                                                                    				void* _t213;
                                                                                                                                                                                                    				void* _t214;
    void* _t216;
    signed long long _t217;
    void* _t219;
    signed long long _t220;
    void* _t223;
    signed long long _t224;
    void* _t227;
    void* _t230;
    signed long long _t231;
    void* _t233;
    signed long long _t234;
    void* _t237;
    void* _t239;
    signed long long _t240;

    _t226 = __r8;
    _t137 = __ecx;
     *((long long*)(_t223 + 0x20)) = __rbx;
    _t224 = _t223 - 0x210;
    _t165 =  *0xb0ae0430; // 0x449f37dbf1f
    _t166 = _t165 ^ _t224;
     *(_t224 + 0x200) = _t166;
    _t240 = __edx;
    _t214 = __rcx;
    E00007FF67FF6B0AAB93C(__ecx, __eflags, _t166);
    _t217 = _t166;
    _t167 = _t224 + 0x40;
    r8d = 0x83;
     *((intOrPtr*)(_t224 + 0x28)) = r15d;
     *(_t224 + 0x20) = _t167;
    E00007FF67FF6B0AA8708(__ebx, __r8, _t224 + 0x70, __r8, _t224 + 0x48);
    if (_t167 != 0) goto 0xb0aa89b5;
    goto 0xb0aa8c24;
    _t183 = _t240 << 5;
    if (E00007FF67FF6B0AABBE0(_t137, _t224 + 0x70,  *((intOrPtr*)(_t183 + __rcx + 0x48))) == 0) goto 0xb0aa8c1f;
    E00007FF67FF6B0AA70C0(_t114, _t224 + 0x70);
    _t220 = _t167;
    _t12 = _t167 + 5; // 0x5
    E00007FF67FF6B0AAA574(_t147, _t167, _t183, _t12, _t217, _t220);
    _t231 = _t167;
    if (_t167 == 0) goto 0xb0aa89ae;
    _t234 = _t240 + 3;
     *((long long*)(_t224 + 0x58)) =  *((intOrPtr*)(_t183 + _t214 + 0x48));
    r8d = 6;
     *(_t224 + 0x50) =  *(_t214 + _t234 * 4);
     *((long long*)(_t224 + 0x60)) = _t214 + (_t240 + 0x12 + _t240 * 2) * 2;
    E00007FF67FF6B0AAAE90(_t137, _t167, _t224 + 0x68, _t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t226);
    _t28 = _t220 + 1; // 0x1
    _t227 = _t224 + 0x70;
    _t30 = _t231 + 4; // 0x4
     *((intOrPtr*)(_t224 + 0x44)) =  *((intOrPtr*)(_t214 + 4));
    if (E00007FF67FF6B0AAB72C(_t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t30, _t28, _t217, _t220, _t227) == 0) goto 0xb0aa8a5b;
     *(_t224 + 0x20) =  *(_t224 + 0x20) & 0x00000000;
    r9d = 0;
    r8d = 0;
    E00007FF67FF6B0AA4308();
    _t35 = _t231 + 4; // 0x4
    _t207 = _t224 + 0x48;
     *((long long*)(_t183 + _t214 + 0x48)) = _t35;
    r8d = 6;
     *(_t214 + _t234 * 4) =  *(_t224 + 0x48) & 0x0000ffff;
    E00007FF67FF6B0AAAE90(0, E00007FF67FF6B0AAB72C(_t214 + (_t240 + 0x12 + _t240 * 2) * 2, _t30, _t28, _t217, _t220, _t227),  *((intOrPtr*)(_t224 + 0x60)), _t207, _t227);
    if (r15d != 2) goto 0xb0aa8b94;
    r8d = 0;
     *((intOrPtr*)(_t214 + 4)) =  *((intOrPtr*)(_t224 + 0x40));
    if ( *((intOrPtr*)(_t214 + 4)) ==  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8))) goto 0xb0aa8acd;
     *((long long*)(_t217 + 0x27c + _t207 * 8)) =  *((intOrPtr*)(_t217 + 0x29c));
    r8d = r8d + 1;
    if (_t207 + 1 - 5 < 0) goto 0xb0aa8aa0;
    goto 0xb0aa8aec;
    if (r8d == 0) goto 0xb0aa8aec;
    _t209 = r8d;
     *((long long*)(_t217 + 0x27c)) =  *((intOrPtr*)(_t217 + 0x27c + _t209 * 8));
     *((long long*)(_t217 + 0x27c + _t209 * 8)) =  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8));
    if (r8d != 5) goto 0xb0aa8b88;
    _t63 = _t227 + 0x7a; // 0x7a
     *((intOrPtr*)(_t224 + 0x38)) = 1;
     *((intOrPtr*)(_t224 + 0x30)) =  *((intOrPtr*)(_t214 + 0x14));
     *((intOrPtr*)(_t224 + 0x28)) =  *((intOrPtr*)(_t214 + 4));
    _t69 = _t220 - 0x7e; // -4
    r9d = _t63;
     *(_t224 + 0x20) = _t224 + 0x100;
    _t159 = E00007FF67FF6B0AB2858(_t69, r8d - 5, _t224 + 0x100, _t183,  *((intOrPtr*)(_t217 + 0x27c + _t207 * 8)), _t217, 0xb0ad0d00, _t224 + 0x48, _t239, _t237, _t233);
    if (_t159 == 0) goto 0xb0aa8b78;
     *(_t224 + 0x100) =  *(_t224 + 0x100) & 0x000001ff;
    if (_t159 != 0) goto 0xb0aa8b3d;
    _t210 =  *0xb0ae03f8; // 0x7ff6b0ad10d4
    r8d = 0xfe;
     *(_t217 + 0x280) = 0 | E00007FF67FF6B0AB4410(0x1ff, _t224 + 0x100, _t210, 0xb0ad0d00) == 0x00000000;
    goto 0xb0aa8b7f;
     *(_t217 + 0x280) =  *(_t217 + 0x280) & 0x00000000;
     *((intOrPtr*)(_t217 + 0x27c)) =  *((intOrPtr*)(_t214 + 4));
     *(_t214 + 0x108) =  *(_t217 + 0x280);
    if (r15d != 1) goto 0xb0aa8ba1;
     *((intOrPtr*)(_t214 + 8)) =  *((intOrPtr*)(_t224 + 0x40));
    _t133 =  *((intOrPtr*)(0xb0ad0c80 + (_t240 + _t240 * 2) * 8))(_t219);
    _t178 =  *((intOrPtr*)(_t224 + 0x58));
    if (_t133 == 0) goto 0xb0aa8bdd;
     *((long long*)(_t183 + _t214 + 0x48)) = _t178;
    free(_t230);
    r11d =  *(_t224 + 0x50);
     *(_t214 + _t234 * 4) = r11d;
     *((intOrPtr*)(_t214 + 4)) =  *((intOrPtr*)(_t224 + 0x44));
    goto 0xb0aa89ae;
    _t163 = _t178 - 0xb0ae0a20;
    if (_t163 == 0) goto 0xb0aa8c12;
    asm("lock add dword [edx], 0xffffffff");
    if (_t163 != 0) goto 0xb0aa8c12;
    free(_t213);
    free(_t216);
     *(_t183 + _t214 + 0x50) =  *(_t183 + _t214 + 0x50) & 0x00000000;
     *_t231 = 1;
     *(_t183 + _t214 + 0x58) = _t231;
    return E00007FF67FF6B0AA4050(E00007FF67FF6B0AB4410(0x1ff, _t224 + 0x100, _t210, 0xb0ad0d00) == 0,  *(_t224 + 0x200) ^ _t224,  *(_t183 + _t214 + 0x58), 0xb0ad0d00, _t224 + 0x48);
}
                                                                                                                                                                                                    0x7ff6b0aa8a6a
                                                                                                                                                                                                    0x7ff6b0aa8a74
                                                                                                                                                                                                    0x7ff6b0aa8a7a
                                                                                                                                                                                                    0x7ff6b0aa8a7e
                                                                                                                                                                                                    0x7ff6b0aa8a87
                                                                                                                                                                                                    0x7ff6b0aa8a91
                                                                                                                                                                                                    0x7ff6b0aa8a96
                                                                                                                                                                                                    0x7ff6b0aa8aaa
                                                                                                                                                                                                    0x7ff6b0aa8ab4
                                                                                                                                                                                                    0x7ff6b0aa8abf
                                                                                                                                                                                                    0x7ff6b0aa8ac9
                                                                                                                                                                                                    0x7ff6b0aa8acb
                                                                                                                                                                                                    0x7ff6b0aa8ad0
                                                                                                                                                                                                    0x7ff6b0aa8ad2
                                                                                                                                                                                                    0x7ff6b0aa8add
                                                                                                                                                                                                    0x7ff6b0aa8ae4
                                                                                                                                                                                                    0x7ff6b0aa8af0
                                                                                                                                                                                                    0x7ff6b0aa8af9
                                                                                                                                                                                                    0x7ff6b0aa8afd
                                                                                                                                                                                                    0x7ff6b0aa8b05
                                                                                                                                                                                                    0x7ff6b0aa8b13
                                                                                                                                                                                                    0x7ff6b0aa8b1f
                                                                                                                                                                                                    0x7ff6b0aa8b22
                                                                                                                                                                                                    0x7ff6b0aa8b27
                                                                                                                                                                                                    0x7ff6b0aa8b31
                                                                                                                                                                                                    0x7ff6b0aa8b33
                                                                                                                                                                                                    0x7ff6b0aa8b42
                                                                                                                                                                                                    0x7ff6b0aa8b4d
                                                                                                                                                                                                    0x7ff6b0aa8b4f
                                                                                                                                                                                                    0x7ff6b0aa8b5e
                                                                                                                                                                                                    0x7ff6b0aa8b70
                                                                                                                                                                                                    0x7ff6b0aa8b76
                                                                                                                                                                                                    0x7ff6b0aa8b78
                                                                                                                                                                                                    0x7ff6b0aa8b82
                                                                                                                                                                                                    0x7ff6b0aa8b8e
                                                                                                                                                                                                    0x7ff6b0aa8b98
                                                                                                                                                                                                    0x7ff6b0aa8b9e
                                                                                                                                                                                                    0x7ff6b0aa8baf
                                                                                                                                                                                                    0x7ff6b0aa8bb4
                                                                                                                                                                                                    0x7ff6b0aa8bb9
                                                                                                                                                                                                    0x7ff6b0aa8bbe
                                                                                                                                                                                                    0x7ff6b0aa8bc3
                                                                                                                                                                                                    0x7ff6b0aa8bc8
                                                                                                                                                                                                    0x7ff6b0aa8bd1
                                                                                                                                                                                                    0x7ff6b0aa8bd5
                                                                                                                                                                                                    0x7ff6b0aa8bd8
                                                                                                                                                                                                    0x7ff6b0aa8be4
                                                                                                                                                                                                    0x7ff6b0aa8be7
                                                                                                                                                                                                    0x7ff6b0aa8bee
                                                                                                                                                                                                    0x7ff6b0aa8bf2
                                                                                                                                                                                                    0x7ff6b0aa8bf9
                                                                                                                                                                                                    0x7ff6b0aa8c07
                                                                                                                                                                                                    0x7ff6b0aa8c0c
                                                                                                                                                                                                    0x7ff6b0aa8c12
                                                                                                                                                                                                    0x7ff6b0aa8c1a
                                                                                                                                                                                                    0x7ff6b0aa8c4e

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3186804695-0
                                                                                                                                                                                                    • Opcode ID: b831a8e5acdfc9b34b1f275e6a2a44ae26707a0638727e3522d71a78b478d697
                                                                                                                                                                                                    • Instruction ID: 178d1006884c9e58b8c436b19faf9a209d32f39d5a0961a160491d0970350207
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b831a8e5acdfc9b34b1f275e6a2a44ae26707a0638727e3522d71a78b478d697
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86819173A19682A6DB24DF29E1807AABBA0FB44784F604535DB4D87B96DF3CE451CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                                                                    			E00007FF67FF6B0A9C2A0(void* __ebx, void* __edx, void* __ebp, long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rsi, void* __rbp, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* _v40;
                                                                                                                                                                                                    				intOrPtr _v48;
                                                                                                                                                                                                    				intOrPtr _v64;
                                                                                                                                                                                                    				long long _v88;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __r12;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				void* _t58;
                                                                                                                                                                                                    				void* _t61;
                                                                                                                                                                                                    				intOrPtr _t89;
                                                                                                                                                                                                    				intOrPtr _t90;
                                                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                                                    				signed long long _t94;
                                                                                                                                                                                                    				intOrPtr _t97;
                                                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                                                    				intOrPtr* _t104;
                                                                                                                                                                                                    				long long _t110;
                                                                                                                                                                                                    				long long* _t113;
                                                                                                                                                                                                    				long long* _t114;
                                                                                                                                                                                                    				intOrPtr _t123;
                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                    				signed long long _t129;
                                                                                                                                                                                                    				signed long long _t131;
                                                                                                                                                                                                    				intOrPtr* _t134;
                                                                                                                                                                                                    				void* _t137;
                                                                                                                                                                                                    				intOrPtr* _t140;
                                                                                                                                                                                                    				void* _t142;
                                                                                                                                                                                                    				void* _t143;
                                                                                                                                                                                                    				signed long long _t145;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    				void* _t149;
                                                                                                                                                                                                    				intOrPtr* _t150;
                                                                                                                                                                                                    				void* _t152;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r9;
                                                                                                                                                                                                    				_t140 = __r8;
                                                                                                                                                                                                    				_t136 = __rbp;
                                                                                                                                                                                                    				_t61 = __ebp;
                                                                                                                                                                                                    				_t143 = _t137;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 8)) = __rcx;
                                                                                                                                                                                                    				_v88 = 0xfffffffe;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x10)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t143 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_t150 = __r8;
                                                                                                                                                                                                    				_t134 = __rdx;
                                                                                                                                                                                                    				_t110 = __rcx;
                                                                                                                                                                                                    				_t113 = _t143 - 0x38;
                                                                                                                                                                                                    				 *_t113 =  *__r8;
                                                                                                                                                                                                    				 *((long long*)(_t113 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t114 = _t143 - 0x48;
                                                                                                                                                                                                    				 *_t114 =  *__rdx;
                                                                                                                                                                                                    				 *((long long*)(_t114 + 8)) =  *((intOrPtr*)(__rdx + 8));
                                                                                                                                                                                                    				_t89 =  *((intOrPtr*)(_t143 - 0x38));
                                                                                                                                                                                                    				if (_t89 == 0) goto 0xb0a9c301;
                                                                                                                                                                                                    				if (_t89 ==  *((intOrPtr*)(_t143 - 0x48))) goto 0xb0a9c306;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t90 = _v64;
                                                                                                                                                                                                    				_t123 = _v48;
                                                                                                                                                                                                    				if (_t90 - _t123 > 0) goto 0xb0a9c31a;
                                                                                                                                                                                                    				goto 0xb0a9c31d;
                                                                                                                                                                                                    				_t125 = _t123 - _t90 - _t90;
                                                                                                                                                                                                    				_t129 =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                                                                                                    				if (_t129 - _t125 > 0) goto 0xb0a9c35a;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x20)) == _t125) goto 0xb0a9c35a;
                                                                                                                                                                                                    				r8b = 1;
                                                                                                                                                                                                    				if (E00007FF67FF6B0A924C0(__rcx, __rcx, _t125, __rdx, __rbp, _t145, _t152, _t149) == 0) goto 0xb0a9c35a;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t129;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0xb0a9c34c;
                                                                                                                                                                                                    				goto 0xb0a9c350;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t110 + 8 + _t129 * 2)) = r12w;
                                                                                                                                                                                                    				goto 0xb0a9c35d;
                                                                                                                                                                                                    				r12d = 0;
                                                                                                                                                                                                    				_t93 =  *_t134;
                                                                                                                                                                                                    				if (_t93 == 0) goto 0xb0a9c374;
                                                                                                                                                                                                    				if (_t93 ==  *_t150) goto 0xb0a9c379;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t94 =  *((intOrPtr*)(_t150 + 8));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t134 + 8)) == _t94) goto 0xb0a9c46e;
                                                                                                                                                                                                    				E00007FF67FF6B0A9BBB0(_t61, _t110, _t134, _t134, _t136);
                                                                                                                                                                                                    				r13d =  *_t94 & 0x0000ffff;
                                                                                                                                                                                                    				if ((_t94 | 0xffffffff) -  *(_t110 + 0x18) - 1 > 0) goto 0xb0a9c3a6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA33CC((_t94 | 0xffffffff) -  *(_t110 + 0x18), _t110, _t129, _t136, _t140, _t142);
                                                                                                                                                                                                    				_t131 =  *(_t110 + 0x18) + 1;
                                                                                                                                                                                                    				if (_t131 - 0xfffffffe <= 0) goto 0xb0a9c3b7;
                                                                                                                                                                                                    				_t55 = E00007FF67FF6B0AA33CC((_t94 | 0xffffffff) -  *(_t110 + 0x18), _t110, _t131, _t136, _t140, _t142);
                                                                                                                                                                                                    				_t97 =  *((intOrPtr*)(_t110 + 0x20));
                                                                                                                                                                                                    				if (_t97 - _t131 >= 0) goto 0xb0a9c3d1;
                                                                                                                                                                                                    				E00007FF67FF6B0A926D0(_t55, _t110, _t131,  *(_t110 + 0x18), _t147, _t145);
                                                                                                                                                                                                    				goto 0xb0a9c3f0;
                                                                                                                                                                                                    				if (_t131 != 0) goto 0xb0a9c3f0;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t145;
                                                                                                                                                                                                    				if (_t97 - 8 < 0) goto 0xb0a9c3e6;
                                                                                                                                                                                                    				goto 0xb0a9c3ea;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t110 + 8)) = r12w;
                                                                                                                                                                                                    				goto 0xb0a9c428;
                                                                                                                                                                                                    				if (_t131 == 0) goto 0xb0a9c428;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0xb0a9c409;
                                                                                                                                                                                                    				goto 0xb0a9c410;
                                                                                                                                                                                                    				_t101 = _t110 + 8;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t101 +  *(_t110 + 0x18) * 2)) = r13w;
                                                                                                                                                                                                    				 *(_t110 + 0x18) = _t131;
                                                                                                                                                                                                    				if ( *((long long*)(_t110 + 0x20)) - 8 < 0) goto 0xb0a9c423;
                                                                                                                                                                                                    				 *((intOrPtr*)( *_t101 + _t131 * 2)) = r12w;
                                                                                                                                                                                                    				if ( *_t134 != 0) goto 0xb0a9c442;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t104 =  *_t134;
                                                                                                                                                                                                    				if (_t104 != 0) goto 0xb0a9c442;
                                                                                                                                                                                                    				goto 0xb0a9c445;
                                                                                                                                                                                                    				if (_t104 == 0) goto 0xb0a9c44f;
                                                                                                                                                                                                    				goto 0xb0a9c452;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t134 + 8)) -  *((intOrPtr*)(_t145 + 0x38)) +  *((intOrPtr*)( *_t104 + 0x30)) < 0) goto 0xb0a9c465;
                                                                                                                                                                                                    				_t58 = E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				 *((long long*)(_t134 + 8)) =  *((long long*)(_t134 + 8)) + 1;
                                                                                                                                                                                                    				goto 0xb0a9c367;
                                                                                                                                                                                                    				return _t58;
                                                                                                                                                                                                    			}





































                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                    • Opcode ID: 5c141b8904f02e943c942c556673060c55fd9cceccc76b955d807c772474a688
                                                                                                                                                                                                    • Instruction ID: 518ec702d53cfcf27c4cb40bcbb95c862493d5a4d04ae9ed57a90c8f61c58e83
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c141b8904f02e943c942c556673060c55fd9cceccc76b955d807c772474a688
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11515A23709F41A1EA148F19D15402DA7A4FB44FE4B648A35CB6D8B7D7DF3AE891C350
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                                                                    			E00007FF67FF6B0ACA770(void* __ebx, signed int __ecx, void* __edx, void* __edi, long long __rcx, void* __r8, void* __r9, long long _a40, intOrPtr _a48, void* _a56, void* _a64) {
                                                                                                                                                                                                    				signed int _v56;
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				intOrPtr _v88;
                                                                                                                                                                                                    				char _v96;
                                                                                                                                                                                                    				long long _v104;
                                                                                                                                                                                                    				signed int _v112;
                                                                                                                                                                                                    				short _v128;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				char _v152;
                                                                                                                                                                                                    				long long _v168;
                                                                                                                                                                                                    				char _v184;
                                                                                                                                                                                                    				long long _v192;
                                                                                                                                                                                                    				long long _v200;
                                                                                                                                                                                                    				long long _v208;
                                                                                                                                                                                                    				long long _v216;
                                                                                                                                                                                                    				signed char _v232;
                                                                                                                                                                                                    				intOrPtr _v248;
                                                                                                                                                                                                    				long long _v256;
                                                                                                                                                                                                    				void* _v264;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				void* __rsi;
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				signed long long _t92;
                                                                                                                                                                                                    				long long _t105;
                                                                                                                                                                                                    				long long _t106;
                                                                                                                                                                                                    				short _t111;
                                                                                                                                                                                                    				short _t112;
                                                                                                                                                                                                    				long long _t130;
                                                                                                                                                                                                    				long long _t132;
                                                                                                                                                                                                    				void* _t133;
                                                                                                                                                                                                    				signed int _t134;
                                                                                                                                                                                                    				signed long long _t138;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t142 = __r9;
                                                                                                                                                                                                    				_t72 = __edi;
                                                                                                                                                                                                    				_t69 = __ecx;
                                                                                                                                                                                                    				_v168 = 0xfffffffe;
                                                                                                                                                                                                    				_t92 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v56 = _t92 ^  &_v264;
                                                                                                                                                                                                    				_t73 = __edx;
                                                                                                                                                                                                    				_t106 = __rcx;
                                                                                                                                                                                                    				if (r8d -  *((intOrPtr*)(__rcx + 0x318)) < 0) goto 0xb0aca9e5;
                                                                                                                                                                                                    				r9d =  *(__rcx + 0x2c);
                                                                                                                                                                                                    				_v248 = _a48;
                                                                                                                                                                                                    				_v256 = _a40;
                                                                                                                                                                                                    				_v264 = __r9;
                                                                                                                                                                                                    				E00007FF67FF6B0ACA270(__ebx, __ecx, __rcx,  &_v96, _t134, __r8, __r9);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t134;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0A979A0();
                                                                                                                                                                                                    				_t111 = _v128;
                                                                                                                                                                                                    				_t145 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				_t138 = _v112;
                                                                                                                                                                                                    				_t130 = ( >=  ? _t111 :  &_v128) + _t138 * 2;
                                                                                                                                                                                                    				if (_t130 == 0) goto 0xb0aca87d;
                                                                                                                                                                                                    				_t95 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				_t79 = ( >=  ? _t111 :  &_v128) - _t130;
                                                                                                                                                                                                    				if (( >=  ? _t111 :  &_v128) - _t130 > 0) goto 0xb0aca87d;
                                                                                                                                                                                                    				_t97 =  >=  ? _t111 :  &_v128;
                                                                                                                                                                                                    				if (_t130 - ( >=  ? _t111 :  &_v128) + _t138 * 2 <= 0) goto 0xb0aca89a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t112 = _v128;
                                                                                                                                                                                                    				_v216 =  &_v136;
                                                                                                                                                                                                    				_v208 = _t130;
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0aca8bc;
                                                                                                                                                                                                    				if (_t112 == 0) goto 0xb0aca8f2;
                                                                                                                                                                                                    				goto 0xb0aca8c4;
                                                                                                                                                                                                    				_t132 =  &_v128;
                                                                                                                                                                                                    				_t101 =  >=  ? _t112 :  &_v128;
                                                                                                                                                                                                    				_t85 = ( >=  ? _t112 :  &_v128) - _t132;
                                                                                                                                                                                                    				if (( >=  ? _t112 :  &_v128) - _t132 > 0) goto 0xb0aca8f2;
                                                                                                                                                                                                    				_t103 =  >=  ? _t112 :  &_v128;
                                                                                                                                                                                                    				if (_t132 - ( >=  ? _t112 :  &_v128) + _v112 * 2 <= 0) goto 0xb0aca8f7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44B8();
                                                                                                                                                                                                    				_t105 =  &_v136;
                                                                                                                                                                                                    				_v200 = _t105;
                                                                                                                                                                                                    				_v192 = _t132;
                                                                                                                                                                                                    				asm("movaps xmm0, [esp+0x50]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x90], xmm0");
                                                                                                                                                                                                    				asm("movaps xmm1, [esp+0x60]");
                                                                                                                                                                                                    				asm("movdqa [esp+0x70], xmm1");
                                                                                                                                                                                                    				r9d = _v232 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0A9CD30( &_v96,  &_v184,  &_v152);
                                                                                                                                                                                                    				r8d = 2;
                                                                                                                                                                                                    				E00007FF67FF6B0A947C0(_t106,  &_v96, L"\r\n", _t132, _t133, _t134,  &_v152);
                                                                                                                                                                                                    				_v216 = _t106;
                                                                                                                                                                                                    				EnterCriticalSection(??);
                                                                                                                                                                                                    				E00007FF67FF6B0AC9FC0(_t73, _t106, _t106, _t133);
                                                                                                                                                                                                    				if (_t105 == 0xffffffff) goto 0xb0aca98f;
                                                                                                                                                                                                    				E00007FF67FF6B0ACA560(__ebx, _t69, _t72, _t106, _t106, _t105, _t134,  &_v96, _t142);
                                                                                                                                                                                                    				LeaveCriticalSection(??);
                                                                                                                                                                                                    				if (_v104 - 8 < 0) goto 0xb0aca9b1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t105, _t106, _v128, _t105, _t133,  &_v96, _t142);
                                                                                                                                                                                                    				_v104 = 7;
                                                                                                                                                                                                    				_v112 = _t134;
                                                                                                                                                                                                    				_v128 = 0;
                                                                                                                                                                                                    				if (_v64 - 8 < 0) goto 0xb0aca9e5;
                                                                                                                                                                                                    				E00007FF67FF6B0AA44D8(_t105, _t106, _v88, _t105, _t133,  &_v96, _t142);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_t69, _v56 ^  &_v264, _t105,  &_v96, _t142);
                                                                                                                                                                                                    			}






































                                                                                                                                                                                                    0x7ff6b0aca85f
                                                                                                                                                                                                    0x7ff6b0aca862
                                                                                                                                                                                                    0x7ff6b0aca870
                                                                                                                                                                                                    0x7ff6b0aca87b
                                                                                                                                                                                                    0x7ff6b0aca87d
                                                                                                                                                                                                    0x7ff6b0aca892
                                                                                                                                                                                                    0x7ff6b0aca8a2
                                                                                                                                                                                                    0x7ff6b0aca8a7
                                                                                                                                                                                                    0x7ff6b0aca8b0
                                                                                                                                                                                                    0x7ff6b0aca8b8
                                                                                                                                                                                                    0x7ff6b0aca8ba
                                                                                                                                                                                                    0x7ff6b0aca8bc
                                                                                                                                                                                                    0x7ff6b0aca8d0
                                                                                                                                                                                                    0x7ff6b0aca8d4
                                                                                                                                                                                                    0x7ff6b0aca8d7
                                                                                                                                                                                                    0x7ff6b0aca8e5
                                                                                                                                                                                                    0x7ff6b0aca8f0
                                                                                                                                                                                                    0x7ff6b0aca8f2
                                                                                                                                                                                                    0x7ff6b0aca8f7
                                                                                                                                                                                                    0x7ff6b0aca8ff
                                                                                                                                                                                                    0x7ff6b0aca904
                                                                                                                                                                                                    0x7ff6b0aca909
                                                                                                                                                                                                    0x7ff6b0aca90e
                                                                                                                                                                                                    0x7ff6b0aca917
                                                                                                                                                                                                    0x7ff6b0aca91c
                                                                                                                                                                                                    0x7ff6b0aca922
                                                                                                                                                                                                    0x7ff6b0aca93d
                                                                                                                                                                                                    0x7ff6b0aca942
                                                                                                                                                                                                    0x7ff6b0aca957
                                                                                                                                                                                                    0x7ff6b0aca95c
                                                                                                                                                                                                    0x7ff6b0aca964
                                                                                                                                                                                                    0x7ff6b0aca970
                                                                                                                                                                                                    0x7ff6b0aca979
                                                                                                                                                                                                    0x7ff6b0aca989
                                                                                                                                                                                                    0x7ff6b0aca992
                                                                                                                                                                                                    0x7ff6b0aca9a2
                                                                                                                                                                                                    0x7ff6b0aca9ac
                                                                                                                                                                                                    0x7ff6b0aca9b1
                                                                                                                                                                                                    0x7ff6b0aca9bd
                                                                                                                                                                                                    0x7ff6b0aca9c5
                                                                                                                                                                                                    0x7ff6b0aca9d6
                                                                                                                                                                                                    0x7ff6b0aca9e0
                                                                                                                                                                                                    0x7ff6b0acaa00

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf$CriticalSection_invalid_parameter_noinfo$CurrentEnterLeaveSystemThreadTime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1744438772-0
                                                                                                                                                                                                    • Opcode ID: e23f237a98b1d8089097f5cf546f0080097a3824f3602463ab54cee6507bbf80
                                                                                                                                                                                                    • Instruction ID: 4061993cdc3fd5267552ce874b777d49ff2f63a1651c998cab5f7964d2edcb9c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e23f237a98b1d8089097f5cf546f0080097a3824f3602463ab54cee6507bbf80
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16515D2360DBC1A5EA708B18E8407EAB765FB85794F404631DADD83B9ADF3CD089CB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                                                                    			E00007FF67FF6B0AA9250(long long __rcx, long long __rdx, long long __r8, intOrPtr _a8, void* _a16, intOrPtr _a24, intOrPtr _a32) {
                                                                                                                                                                                                    				long long _v64;
                                                                                                                                                                                                    				intOrPtr _v68;
                                                                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                                                                    				void* _t63;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                                                    				void* _t69;
                                                                                                                                                                                                    				long long _t80;
                                                                                                                                                                                                    				void* _t81;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				intOrPtr _t100;
                                                                                                                                                                                                    				long long _t112;
                                                                                                                                                                                                    				long long _t115;
                                                                                                                                                                                                    				void* _t121;
                                                                                                                                                                                                    				signed long long _t123;
                                                                                                                                                                                                    				long long _t128;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t80 = _t115;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t80 + 0x20)) = r9d;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 0x18)) = __r8;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 0x10)) = __rdx;
                                                                                                                                                                                                    				 *((long long*)(_t80 + 8)) = __rcx;
                                                                                                                                                                                                    				r13d = r9d;
                                                                                                                                                                                                    				_t112 = __r8;
                                                                                                                                                                                                    				_t128 = __rcx;
                                                                                                                                                                                                    				_t66 = E00007FF67FF6B0AB2550(__rcx, __rdx, __r8);
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t80);
                                                                                                                                                                                                    				_v64 = _t80;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t65, _t69, _t80);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t80 + 0x100)) =  *((intOrPtr*)(_t80 + 0x100)) + 1;
                                                                                                                                                                                                    				if (_t66 == 0xffffffff) goto 0xb0aa939b;
                                                                                                                                                                                                    				if (_t66 - r13d <= 0) goto 0xb0aa939b;
                                                                                                                                                                                                    				if (_t66 - 0xffffffff <= 0) goto 0xb0aa92b9;
                                                                                                                                                                                                    				if (_t66 -  *((intOrPtr*)(_t112 + 4)) < 0) goto 0xb0aa92be;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t80);
                                                                                                                                                                                                    				_t123 = _t66;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t80);
                                                                                                                                                                                                    				_t81 = _t80 + _t123 * 8;
                                                                                                                                                                                                    				_t67 =  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t81));
                                                                                                                                                                                                    				_v72 = _t67;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t81);
                                                                                                                                                                                                    				_t82 = _t81 + _t123 * 8;
                                                                                                                                                                                                    				if ( *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t82 + 4)) == 0) goto 0xb0aa930a;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t82);
                                                                                                                                                                                                    				_t83 = _t82 + _t123 * 8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t83);
                                                                                                                                                                                                    				_t84 = _t83 +  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t83 + 4));
                                                                                                                                                                                                    				goto 0xb0aa930c;
                                                                                                                                                                                                    				if (_t84 == 0) goto 0xb0aa936d;
                                                                                                                                                                                                    				r9d = _t67;
                                                                                                                                                                                                    				E00007FF67FF6B0AB2578(0, _t128, _t112);
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t84);
                                                                                                                                                                                                    				_t100 =  *((intOrPtr*)(_t112 + 8));
                                                                                                                                                                                                    				_t85 = _t84 + _t123 * 8;
                                                                                                                                                                                                    				_t76 =  *((intOrPtr*)(_t100 + _t85 + 4));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t100 + _t85 + 4)) == 0) goto 0xb0aa9352;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t85);
                                                                                                                                                                                                    				_t86 = _t85 + _t123 * 8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t86);
                                                                                                                                                                                                    				_t87 = _t86 +  *((intOrPtr*)( *((intOrPtr*)(_t112 + 8)) + _t86 + 4));
                                                                                                                                                                                                    				goto 0xb0aa9354;
                                                                                                                                                                                                    				r8d = 0x103;
                                                                                                                                                                                                    				E00007FF67FF6B0ACC050(_t87, _t128, _t121);
                                                                                                                                                                                                    				E00007FF67FF6B0AA7318(_t87, _t80);
                                                                                                                                                                                                    				r13d = _a32;
                                                                                                                                                                                                    				_t68 = _v72;
                                                                                                                                                                                                    				_v68 = _t68;
                                                                                                                                                                                                    				goto 0xb0aa929d;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t65, _t76, _t87);
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t87 + 0x100)) <= 0) goto 0xb0aa93b4;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t65,  *((intOrPtr*)(_t87 + 0x100)), _t87);
                                                                                                                                                                                                    				 *((intOrPtr*)(_t87 + 0x100)) =  *((intOrPtr*)(_t87 + 0x100)) - 1;
                                                                                                                                                                                                    				if (_t68 == 0xffffffff) goto 0xb0aa93c3;
                                                                                                                                                                                                    				if (_t68 - r13d <= 0) goto 0xb0aa93c3;
                                                                                                                                                                                                    				_t63 = E00007FF67FF6B0AB0148(_t87);
                                                                                                                                                                                                    				r9d = _t68;
                                                                                                                                                                                                    				return E00007FF67FF6B0AB2578(_t63, _a8, _a24);
                                                                                                                                                                                                    			}



























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$BaseImage
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2482573191-0
                                                                                                                                                                                                    • Opcode ID: 5665795fcf005ae9679d0fd918da8335e09ef8a53e3ab91a4d23fb740d9e4aa0
                                                                                                                                                                                                    • Instruction ID: ba8bd26aac34a74e8b4890b99ff866708677706bd029c8bdc7f2074efe524446
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5665795fcf005ae9679d0fd918da8335e09ef8a53e3ab91a4d23fb740d9e4aa0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8419523B08602A1EE20971DD4812BD6FA4AF85B94F658A35EB5DC77E3CF3CE4469300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                                                    			E00007FF67FF6B0AA8214(void* __edi, void* __esi, long long __rcx, void* __rsi) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                                                    				void* _t23;
                                                                                                                                                                                                    				intOrPtr* _t30;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__rcx == 0) goto 0xb0aa82ba;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				_t15 =  *((intOrPtr*)(__rcx + 8));
                                                                                                                                                                                                    				if (_t15 == 0) goto 0xb0aa8255;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t15 != 0) goto 0xb0aa8255;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 8)) == 0xb0ae0bb0) goto 0xb0aa8255;
                                                                                                                                                                                                    				free(_t23);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				if ( *((long long*)(__rcx)) == 0) goto 0xb0aa82a1;
                                                                                                                                                                                                    				E00007FF67FF6B0AAFF60();
                                                                                                                                                                                                    				E00007FF67FF6B0AA809C(_t4,  *((intOrPtr*)(__rcx)), _t36);
                                                                                                                                                                                                    				_t30 =  *((intOrPtr*)(__rcx));
                                                                                                                                                                                                    				if (_t30 == 0) goto 0xb0aa8297;
                                                                                                                                                                                                    				if ( *_t30 != 0) goto 0xb0aa8297;
                                                                                                                                                                                                    				if (_t30 == 0xb0ae0a30) goto 0xb0aa8297;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7E88(__rcx, _t30, __rsi, _t36);
                                                                                                                                                                                                    				E00007FF67FF6B0AAFE60();
                                                                                                                                                                                                    				 *((long long*)(__rcx)) = 0xb0ae0a30;
                                                                                                                                                                                                    				 *((long long*)(__rcx + 8)) = 0xb0ae0a30;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				return 0xbaadf00d;
                                                                                                                                                                                                    			}










                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lockfree$ErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3188102813-0
                                                                                                                                                                                                    • Opcode ID: 4d6a6f156befe5a0da9afee2539e0a2b99425bf6e00ddd8f4db7cbe1f4866d2c
                                                                                                                                                                                                    • Instruction ID: c9b50bfc4801f9e18420dc055ec322c74f53da75095af9c6ac8b8589fa115abf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d6a6f156befe5a0da9afee2539e0a2b99425bf6e00ddd8f4db7cbe1f4866d2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D116133A0B946A5FF589BB8D4217B8AB90EF85B04F244D34D71EC73D7CE2DA8488211
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FlsFree.KERNEL32(?,?,?,?,00007FF6B0AABB51,?,?,00000000,00007FF6B0AA4727), ref: 00007FF6B0AAB7EB
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6B0AABB51), ref: 00007FF6B0AAFE12
                                                                                                                                                                                                    • free.LIBCMT ref: 00007FF6B0AAFE1B
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6B0AABB51), ref: 00007FF6B0AAFE3B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalDeleteSection$Freefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1250194111-0
                                                                                                                                                                                                    • Opcode ID: 6873f9bc57506945de8e1b5125113889f3f65db8f6cd79cb80fb404202243c4b
                                                                                                                                                                                                    • Instruction ID: 8bcd58e029d032af44734ea713067f8b2a2c34d372b456b4a3018bf76a60fe08
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6873f9bc57506945de8e1b5125113889f3f65db8f6cd79cb80fb404202243c4b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08119833E19646E6FA288B59E4442387BA0FF44B50F684931D75D867E7CF2CE491C740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF67FF6B0AA5F64(void* __edi, intOrPtr* __rax, long long __rbx, signed int __rcx, long long _a8) {
                                                                                                                                                                                                    				signed int _v24;
                                                                                                                                                                                                    				signed int _t16;
                                                                                                                                                                                                    				void* _t21;
                                                                                                                                                                                                    				void* _t29;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				void* _t43;
                                                                                                                                                                                                    				void* _t44;
                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t39 = __rcx;
                                                                                                                                                                                                    				_t35 = __rax;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t37 = __rcx;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0xb0aa5f9c;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				_v24 = _v24 & __rcx;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rcx, __rcx, _t43, _t44, _t45, _t49);
                                                                                                                                                                                                    				goto 0xb0aa5fe2;
                                                                                                                                                                                                    				if (( *(_t39 + 0x18) & 0x00000083) == 0) goto 0xb0aa5fdc;
                                                                                                                                                                                                    				_t16 = E00007FF67FF6B0AA6BCC(_t37, _t39, _t44);
                                                                                                                                                                                                    				E00007FF67FF6B0AB1B24(__rax, _t37);
                                                                                                                                                                                                    				if (E00007FF67FF6B0AB1A0C(_t21, E00007FF67FF6B0AB0EB8(__rax, _t37, _t37, _t43, _t44, _t45, _t49), _t29, _t35, _t37, _t37, _t43, _t44, _t45, _t49) >= 0) goto 0xb0aa5fc9;
                                                                                                                                                                                                    				goto 0xb0aa5fdc;
                                                                                                                                                                                                    				if ( *(_t37 + 0x28) == 0) goto 0xb0aa5fdc;
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t37 + 0x28) =  *(_t37 + 0x28) & 0x00000000;
                                                                                                                                                                                                    				 *(_t37 + 0x18) =  *(_t37 + 0x18) & 0x00000000;
                                                                                                                                                                                                    				return _t16 | 0xffffffff;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointer_errno_flush_freebuf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1889905870-0
                                                                                                                                                                                                    • Opcode ID: e85fca2b21714c02f18f57603225243ab33633c5b8a898005f5a6ec10b8aea6d
                                                                                                                                                                                                    • Instruction ID: d92e71f62686e2d609a8450c734ac11c03408ded58a40e71bdba5c7d456ab850
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e85fca2b21714c02f18f57603225243ab33633c5b8a898005f5a6ec10b8aea6d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C401B123E186466AFB24AA7D981137D1E519F98768F390A30EB1DC67D7CF3CE4008A48
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                                                                    			E00007FF67FF6B0AB58B8(signed int __ecx, void* __edx, signed int* __rax, void* __rbx, void* __rsi, void* __rbp, void* __r8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				intOrPtr _t28;
                                                                                                                                                                                                    				signed int* _t29;
                                                                                                                                                                                                    				signed long long _t34;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				if (__ecx != 0xfffffffe) goto 0xb0ab58d6;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(__rax);
                                                                                                                                                                                                    				 *__rax =  *__rax & 0x00000000;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 9;
                                                                                                                                                                                                    				goto 0xb0ab5933;
                                                                                                                                                                                                    				if (__ecx < 0) goto 0xb0ab590b;
                                                                                                                                                                                                    				if (__ecx -  *0xb0ae89c0 >= 0) goto 0xb0ab590b;
                                                                                                                                                                                                    				_t34 = __ecx * 0x58;
                                                                                                                                                                                                    				_t28 =  *((intOrPtr*)(0xb0ae89e0 + (__ecx >> 5) * 8));
                                                                                                                                                                                                    				if (( *(_t28 + _t34 + 8) & 0x00000001) == 0) goto 0xb0ab590b;
                                                                                                                                                                                                    				_t29 =  *((intOrPtr*)(_t28 + _t34));
                                                                                                                                                                                                    				goto 0xb0ab5937;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78CC(_t29);
                                                                                                                                                                                                    				 *_t29 =  *_t29 & 0x00000000;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t29);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t29 = 9;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t29, __rbx, 0xb0ae89e0, _t34, __rsi, __rbp, __r8);
                                                                                                                                                                                                    			}








                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 921712934-0
                                                                                                                                                                                                    • Opcode ID: 42309f2acd20e35207d32cf45d5d8bb19fd6256df55cf22ec14333df7ab8f0c2
                                                                                                                                                                                                    • Instruction ID: f02c79b450fdb5bf32d873c0759e46c72b1721a8ba2b4276d9c5ffaf6475ab8b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42309f2acd20e35207d32cf45d5d8bb19fd6256df55cf22ec14333df7ab8f0c2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4501DF73E2864AE1FA155B6CC85537D2E92AF94B31F648B35DB2E863D3CF3C60018A11
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                                                    			E00007FF67FF6B0A940C0(intOrPtr* __rcx) {
                                                                                                                                                                                                    				void* _t3;
                                                                                                                                                                                                    				void* _t4;
                                                                                                                                                                                                    				void* _t5;
                                                                                                                                                                                                    				void* _t9;
                                                                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				void* _t15;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t11 =  *__rcx;
                                                                                                                                                                                                    				if (_t11 == 0) goto 0xb0a940fc;
                                                                                                                                                                                                    				if (_t11 == 0xffffffff) goto 0xb0a940fc;
                                                                                                                                                                                                    				if (CloseHandle(??) != 0) goto 0xb0a940fc;
                                                                                                                                                                                                    				r9d = 0x1dd;
                                                                                                                                                                                                    				return E00007FF67FF6B0ACAB00(_t3, _t4, _t5, _t9, "CloseHandle(handle_to_manage)", "void __cdecl boost::detail::win32::handle_manager::cleanup(void)", _t14, _t15, "D:\\Libraries\\boost\\boost/thread/win32/thread_primitives.hpp", _t17);
                                                                                                                                                                                                    			}












                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                    • String ID: CloseHandle(handle_to_manage)$D:\Libraries\boost\boost/thread/win32/thread_primitives.hpp$void __cdecl boost::detail::win32::handle_manager::cleanup(void)
                                                                                                                                                                                                    • API String ID: 2962429428-1328045786
                                                                                                                                                                                                    • Opcode ID: e94c27bac43ffa26f5226572da9408715b3b101fcc1e669ba66f1d71604591b2
                                                                                                                                                                                                    • Instruction ID: 19be946204cc53aab8db926137a50de5a1da0d001d86e5843b6f3cf8500b8ff9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e94c27bac43ffa26f5226572da9408715b3b101fcc1e669ba66f1d71604591b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49E01A66B09903A2EE149B5DB8616742A24AF10B78F804B71CB3DD23D3AE1DA9468300
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                                                                    			E00007FF67FF6B0AAA2C8(void* __edi, void* __ebp, void* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long __rsi, long long __rbp, void* __r8, long long __r9, long long _a8, long long _a16, long long _a24, signed int* _a40, char _a48, signed int _a56, signed int _a64) {
                                                                                                                                                                                                    				signed int _v32;
                                                                                                                                                                                                    				long long _v40;
                                                                                                                                                                                                    				char _v48;
                                                                                                                                                                                                    				signed int* _v56;
                                                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				void* _t68;
                                                                                                                                                                                                    				void* _t72;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				char _t86;
                                                                                                                                                                                                    				void* _t103;
                                                                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                                                                    				intOrPtr* _t109;
                                                                                                                                                                                                    				signed int* _t126;
                                                                                                                                                                                                    				long long _t128;
                                                                                                                                                                                                    				long long _t131;
                                                                                                                                                                                                    				long long* _t146;
                                                                                                                                                                                                    				void* _t147;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t103 = __rax;
                                                                                                                                                                                                    				_t72 = __edi;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_a16 = __rbp;
                                                                                                                                                                                                    				_a24 = __rsi;
                                                                                                                                                                                                    				_t131 = __r9;
                                                                                                                                                                                                    				_t147 = __r8;
                                                                                                                                                                                                    				_t128 = __rdx;
                                                                                                                                                                                                    				_t109 = __rcx;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(_t68, _t75, __rax);
                                                                                                                                                                                                    				_t126 = _a40;
                                                                                                                                                                                                    				r8d = 0x80000029;
                                                                                                                                                                                                    				r9d = 0x80000026;
                                                                                                                                                                                                    				r14d = 1;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t103 + 0x2c0)) != 0) goto 0xb0aaa351;
                                                                                                                                                                                                    				if ( *__rcx == 0xe06d7363) goto 0xb0aaa351;
                                                                                                                                                                                                    				if ( *__rcx != r8d) goto 0xb0aaa336;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != 0xf) goto 0xb0aaa336;
                                                                                                                                                                                                    				if ( *((long long*)(__rcx + 0x60)) == 0x19930520) goto 0xb0aaa351;
                                                                                                                                                                                                    				if ( *__rcx == r9d) goto 0xb0aaa351;
                                                                                                                                                                                                    				if (( *_t126 & 0x1fffffff) - 0x19930522 < 0) goto 0xb0aaa351;
                                                                                                                                                                                                    				if ((_t126[9] & r14b) != 0) goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if (( *(__rcx + 4) & 0x00000066) == 0) goto 0xb0aaa3ef;
                                                                                                                                                                                                    				if (_t126[1] == 0) goto 0xb0aaa4d1;
                                                                                                                                                                                                    				_t86 = _a48;
                                                                                                                                                                                                    				if (_t86 != 0) goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if (_t86 == 0) goto 0xb0aaa3b8;
                                                                                                                                                                                                    				if ( *__rcx != r9d) goto 0xb0aaa3b8;
                                                                                                                                                                                                    				_t50 = E00007FF67FF6B0AB24BC(_t103, __rcx, _t126, __r9, __rdx, __r9,  *((intOrPtr*)(__r8 + 0xf8)));
                                                                                                                                                                                                    				if (_t50 - 0xffffffff < 0) goto 0xb0aaa39d;
                                                                                                                                                                                                    				if (_t50 - _t126[1] < 0) goto 0xb0aaa3a2;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t103);
                                                                                                                                                                                                    				r9d = _t50;
                                                                                                                                                                                                    				_t52 = E00007FF67FF6B0AA9250(__rdx, _t131, _t126);
                                                                                                                                                                                                    				goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if (_t52 == 0) goto 0xb0aaa3dc;
                                                                                                                                                                                                    				if ( *_t109 != r8d) goto 0xb0aaa3dc;
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(_t109 + 0x38));
                                                                                                                                                                                                    				if (_t73 - 0xffffffff < 0) goto 0xb0aaa3ce;
                                                                                                                                                                                                    				if (_t73 - _t126[1] < 0) goto 0xb0aaa3d3;
                                                                                                                                                                                                    				E00007FF67FF6B0AB0148(_t103);
                                                                                                                                                                                                    				r9d = _t73;
                                                                                                                                                                                                    				goto 0xb0aaa3a8;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7350(_t72, _t109, _t128, _t131, _t128, _t126);
                                                                                                                                                                                                    				goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if (_t126[3] != 0) goto 0xb0aaa423;
                                                                                                                                                                                                    				if (( *_t126 & 0x1fffffff) - 0x19930521 < 0) goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if (_t126[8] == 0) goto 0xb0aaa418;
                                                                                                                                                                                                    				E00007FF67FF6B0AA72E8(_t103);
                                                                                                                                                                                                    				goto 0xb0aaa41a;
                                                                                                                                                                                                    				if (_t103 + _t126[8] == 0) goto 0xb0aaa4d1;
                                                                                                                                                                                                    				if ( *_t109 != 0xe06d7363) goto 0xb0aaa498;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0x18)) - 3 < 0) goto 0xb0aaa498;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t109 + 0x20)) - 0x19930522 <= 0) goto 0xb0aaa498;
                                                                                                                                                                                                    				_t105 =  *((intOrPtr*)(_t109 + 0x30));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t105 + 8)) == 0) goto 0xb0aaa456;
                                                                                                                                                                                                    				E00007FF67FF6B0AA7300(_t105);
                                                                                                                                                                                                    				_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x30)) + 8)) + _t105;
                                                                                                                                                                                                    				goto 0xb0aaa459;
                                                                                                                                                                                                    				r11d = 0;
                                                                                                                                                                                                    				if (_t146 == 0) goto 0xb0aaa498;
                                                                                                                                                                                                    				_v32 = _a64 & 0x000000ff;
                                                                                                                                                                                                    				_v40 = _a56;
                                                                                                                                                                                                    				_v48 = _a48;
                                                                                                                                                                                                    				_v56 = _t126;
                                                                                                                                                                                                    				 *_t146();
                                                                                                                                                                                                    				goto 0xb0aaa4d4;
                                                                                                                                                                                                    				_v32 = _a56;
                                                                                                                                                                                                    				_v40 = _a48;
                                                                                                                                                                                                    				_v48 = _a64;
                                                                                                                                                                                                    				_v56 = _t126;
                                                                                                                                                                                                    				E00007FF67FF6B0AA9D48(_t50,  *_t126 & 0x1fffffff, _t72, __ebp, _a56, _t109, _t109, _t128, _t147, _t131);
                                                                                                                                                                                                    				return r14d;
                                                                                                                                                                                                    			}























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                    • API String ID: 3186804695-3733052814
                                                                                                                                                                                                    • Opcode ID: 98f21436721bd78c3725fa0ca854348773e5603e32f22c9a78c881d467c025b4
                                                                                                                                                                                                    • Instruction ID: ec6a339a090abcf899428113c95fc8bf7d7b8b82c662b7043c7902eadd612e06
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98f21436721bd78c3725fa0ca854348773e5603e32f22c9a78c881d467c025b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2151A1339086429AEB608E2D944437D7AD0BB64B84F648575EF4D97BC6CF7CE890C711
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0850(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t35;
                                                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                                                                    				void* _t50;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed long long _t62;
                                                                                                                                                                                                    				char* _t68;
                                                                                                                                                                                                    				char* _t69;
                                                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				long long _t74;
                                                                                                                                                                                                    				long long* _t76;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t86;
                                                                                                                                                                                                    				signed long long _t89;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t62 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				 *(_t89 + 0xe0) = _t62 ^ _t89;
                                                                                                                                                                                                    				_t72 =  *((intOrPtr*)(__r9 + 0x20));
                                                                                                                                                                                                    				_t48 = _t72;
                                                                                                                                                                                                    				if (_t48 > 0) goto 0xb0aa0891;
                                                                                                                                                                                                    				asm("inc ecx");
                                                                                                                                                                                                    				if (_t48 < 0) goto 0xb0aa0891;
                                                                                                                                                                                                    				_t43 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				asm("movsd xmm1, [esp+0x158]");
                                                                                                                                                                                                    				r9d = 6;
                                                                                                                                                                                                    				r9d =  >  ? 0x24 : r9d;
                                                                                                                                                                                                    				_t84 = _t86;
                                                                                                                                                                                                    				_t73 = _t72 - r9d;
                                                                                                                                                                                                    				_t50 = (_t43 & 0x00003000) - 0x2000;
                                                                                                                                                                                                    				if (_t50 != 0) goto 0xb0aa0969;
                                                                                                                                                                                                    				asm("movapd xmm0, xmm1");
                                                                                                                                                                                                    				asm("mulsd xmm0, [0x3480b]");
                                                                                                                                                                                                    				asm("ucomisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t50 != 0) goto 0xb0aa08e1;
                                                                                                                                                                                                    				if (_t50 == 0) goto 0xb0aa0969;
                                                                                                                                                                                                    				asm("xorpd xmm3, xmm3");
                                                                                                                                                                                                    				asm("movsd xmm4, [0x347e3]");
                                                                                                                                                                                                    				asm("comisd xmm3, xmm1");
                                                                                                                                                                                                    				if (_t50 <= 0) goto 0xb0aa08fb;
                                                                                                                                                                                                    				asm("xorpd xmm1, xmm4");
                                                                                                                                                                                                    				goto 0xb0aa08fd;
                                                                                                                                                                                                    				asm("movsd xmm0, [0x347c3]");
                                                                                                                                                                                                    				asm("movsd xmm2, [0x347b3]");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t50 < 0) goto 0xb0aa092a;
                                                                                                                                                                                                    				_t51 = _t86 - 0x1388;
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0xb0aa092a;
                                                                                                                                                                                                    				asm("divsd xmm1, xmm2");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t51 >= 0) goto 0xb0aa0913;
                                                                                                                                                                                                    				asm("comisd xmm1, xmm3");
                                                                                                                                                                                                    				if (_t51 <= 0) goto 0xb0aa0961;
                                                                                                                                                                                                    				_t52 = _t73 - 0xa;
                                                                                                                                                                                                    				if (_t52 < 0) goto 0xb0aa0961;
                                                                                                                                                                                                    				asm("movsd xmm0, [0x3477a]");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t52 < 0) goto 0xb0aa0961;
                                                                                                                                                                                                    				if (_t84 - 0x1388 >= 0) goto 0xb0aa0961;
                                                                                                                                                                                                    				_t74 = _t73 - 0xa;
                                                                                                                                                                                                    				asm("mulsd xmm1, xmm2");
                                                                                                                                                                                                    				if (_t74 - 0xa >= 0) goto 0xb0aa0940;
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0aa0969;
                                                                                                                                                                                                    				asm("xorpd xmm1, xmm4");
                                                                                                                                                                                                    				_t76 = _t89 + 0x50;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x60)) = 0x25;
                                                                                                                                                                                                    				 *_t76 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t76 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ((_t43 & 0x00000020) == 0) goto 0xb0aa0995;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x61)) = 0x2b;
                                                                                                                                                                                                    				_t68 = _t89 + 0x62;
                                                                                                                                                                                                    				if ((_t43 & 0x00000010) == 0) goto 0xb0aa09a0;
                                                                                                                                                                                                    				 *_t68 = 0x23;
                                                                                                                                                                                                    				_t69 = _t68 + 1;
                                                                                                                                                                                                    				_t44 = _t43 & 0x00003000;
                                                                                                                                                                                                    				 *_t69 = 0x2e;
                                                                                                                                                                                                    				 *((char*)(_t69 + 1)) = 0x2a;
                                                                                                                                                                                                    				if (_t44 != 0x2000) goto 0xb0aa09b9;
                                                                                                                                                                                                    				goto 0xb0aa09da;
                                                                                                                                                                                                    				if (_t44 != 0x3000) goto 0xb0aa09c5;
                                                                                                                                                                                                    				goto 0xb0aa09da;
                                                                                                                                                                                                    				r8d = 0x65;
                                                                                                                                                                                                    				_t42 =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				 *((char*)(_t69 + 2)) =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				asm("movsd [esp+0x20], xmm1");
                                                                                                                                                                                                    				 *((char*)(_t69 + 3)) = 0;
                                                                                                                                                                                                    				_t35 = E00007FF67FF6B0AA4828(_t89 + 0x60, __r9);
                                                                                                                                                                                                    				_t94 = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x48)) = _t35;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x40)) = _t74;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x38)) = _t84 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x30)) = _t86 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t89 + 0x28)) = _t89 + 0x70;
                                                                                                                                                                                                    				 *((char*)(_t89 + 0x20)) =  *(_t89 + 0x150) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA0F40( *(_t89 + 0x150) & 0x000000ff, _t44 - 0x1000, _t74, __rcx, __rdx, _t89 + 0x50, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050( ==  ? r8d : 0x67,  *(_t89 + 0xe0) ^ _t89, __rdx, _t89 + 0x50, _t94);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    0x7ff6b0aa08fd
                                                                                                                                                                                                    0x7ff6b0aa0905
                                                                                                                                                                                                    0x7ff6b0aa090d
                                                                                                                                                                                                    0x7ff6b0aa0911
                                                                                                                                                                                                    0x7ff6b0aa0913
                                                                                                                                                                                                    0x7ff6b0aa091a
                                                                                                                                                                                                    0x7ff6b0aa091c
                                                                                                                                                                                                    0x7ff6b0aa0924
                                                                                                                                                                                                    0x7ff6b0aa0928
                                                                                                                                                                                                    0x7ff6b0aa092a
                                                                                                                                                                                                    0x7ff6b0aa092e
                                                                                                                                                                                                    0x7ff6b0aa0930
                                                                                                                                                                                                    0x7ff6b0aa0934
                                                                                                                                                                                                    0x7ff6b0aa0936
                                                                                                                                                                                                    0x7ff6b0aa0940
                                                                                                                                                                                                    0x7ff6b0aa0944
                                                                                                                                                                                                    0x7ff6b0aa094d
                                                                                                                                                                                                    0x7ff6b0aa094f
                                                                                                                                                                                                    0x7ff6b0aa0957
                                                                                                                                                                                                    0x7ff6b0aa095f
                                                                                                                                                                                                    0x7ff6b0aa0963
                                                                                                                                                                                                    0x7ff6b0aa0965
                                                                                                                                                                                                    0x7ff6b0aa096c
                                                                                                                                                                                                    0x7ff6b0aa0971
                                                                                                                                                                                                    0x7ff6b0aa0976
                                                                                                                                                                                                    0x7ff6b0aa097d
                                                                                                                                                                                                    0x7ff6b0aa0989
                                                                                                                                                                                                    0x7ff6b0aa098b
                                                                                                                                                                                                    0x7ff6b0aa0990
                                                                                                                                                                                                    0x7ff6b0aa0998
                                                                                                                                                                                                    0x7ff6b0aa099a
                                                                                                                                                                                                    0x7ff6b0aa099d
                                                                                                                                                                                                    0x7ff6b0aa09a0
                                                                                                                                                                                                    0x7ff6b0aa09a6
                                                                                                                                                                                                    0x7ff6b0aa09a9
                                                                                                                                                                                                    0x7ff6b0aa09b3
                                                                                                                                                                                                    0x7ff6b0aa09b7
                                                                                                                                                                                                    0x7ff6b0aa09bf
                                                                                                                                                                                                    0x7ff6b0aa09c3
                                                                                                                                                                                                    0x7ff6b0aa09ca
                                                                                                                                                                                                    0x7ff6b0aa09d6
                                                                                                                                                                                                    0x7ff6b0aa09da
                                                                                                                                                                                                    0x7ff6b0aa09e7
                                                                                                                                                                                                    0x7ff6b0aa09f2
                                                                                                                                                                                                    0x7ff6b0aa09f6
                                                                                                                                                                                                    0x7ff6b0aa0a00
                                                                                                                                                                                                    0x7ff6b0aa0a0e
                                                                                                                                                                                                    0x7ff6b0aa0a1b
                                                                                                                                                                                                    0x7ff6b0aa0a20
                                                                                                                                                                                                    0x7ff6b0aa0a25
                                                                                                                                                                                                    0x7ff6b0aa0a2a
                                                                                                                                                                                                    0x7ff6b0aa0a2f
                                                                                                                                                                                                    0x7ff6b0aa0a36
                                                                                                                                                                                                    0x7ff6b0aa0a5d

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 4a7392d89f1e279d8a6d564c2a1305181f93ac8bdff9bcfff4d940475f5d063f
                                                                                                                                                                                                    • Instruction ID: 397057aff041664bdaca4f157eead476db620498d63ba3749dec893fc70c91cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a7392d89f1e279d8a6d564c2a1305181f93ac8bdff9bcfff4d940475f5d063f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6511923A0CB8199F7228A38E4557AA6B95EF567C0F248632DB8D637C7DF2CD0458740
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0A60(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t36;
                                                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                                                    				signed int _t45;
                                                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				void* _t53;
                                                                                                                                                                                                    				signed long long _t63;
                                                                                                                                                                                                    				char* _t69;
                                                                                                                                                                                                    				char* _t70;
                                                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                                                    				void* _t74;
                                                                                                                                                                                                    				long long _t75;
                                                                                                                                                                                                    				long long* _t77;
                                                                                                                                                                                                    				void* _t85;
                                                                                                                                                                                                    				void* _t87;
                                                                                                                                                                                                    				signed long long _t90;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t63 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				 *(_t90 + 0xe0) = _t63 ^ _t90;
                                                                                                                                                                                                    				_t73 =  *((intOrPtr*)(__r9 + 0x20));
                                                                                                                                                                                                    				_t49 = _t73;
                                                                                                                                                                                                    				if (_t49 > 0) goto 0xb0aa0aa1;
                                                                                                                                                                                                    				asm("inc ecx");
                                                                                                                                                                                                    				if (_t49 < 0) goto 0xb0aa0aa1;
                                                                                                                                                                                                    				_t44 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				asm("movsd xmm0, [esp+0x158]");
                                                                                                                                                                                                    				r9d = 6;
                                                                                                                                                                                                    				r9d =  >  ? 0x24 : r9d;
                                                                                                                                                                                                    				_t85 = _t87;
                                                                                                                                                                                                    				_t74 = _t73 - r9d;
                                                                                                                                                                                                    				_t51 = (_t44 & 0x00003000) - 0x2000;
                                                                                                                                                                                                    				if (_t51 != 0) goto 0xb0aa0b69;
                                                                                                                                                                                                    				asm("xorpd xmm3, xmm3");
                                                                                                                                                                                                    				asm("movsd xmm4, [0x345eb]");
                                                                                                                                                                                                    				asm("comisd xmm3, xmm0");
                                                                                                                                                                                                    				if (_t51 <= 0) goto 0xb0aa0af3;
                                                                                                                                                                                                    				asm("xorpd xmm0, xmm4");
                                                                                                                                                                                                    				goto 0xb0aa0af5;
                                                                                                                                                                                                    				asm("movsd xmm1, [0x345cb]");
                                                                                                                                                                                                    				asm("movsd xmm2, [0x345bb]");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t51 < 0) goto 0xb0aa0b27;
                                                                                                                                                                                                    				_t52 = _t87 - 0x1388;
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0xb0aa0b27;
                                                                                                                                                                                                    				asm("divsd xmm0, xmm2");
                                                                                                                                                                                                    				asm("comisd xmm0, xmm1");
                                                                                                                                                                                                    				if (_t52 >= 0) goto 0xb0aa0b10;
                                                                                                                                                                                                    				asm("comisd xmm0, xmm3");
                                                                                                                                                                                                    				if (_t52 <= 0) goto 0xb0aa0b61;
                                                                                                                                                                                                    				_t53 = _t74 - 0xa;
                                                                                                                                                                                                    				if (_t53 < 0) goto 0xb0aa0b61;
                                                                                                                                                                                                    				asm("movsd xmm1, [0x3457d]");
                                                                                                                                                                                                    				asm("comisd xmm1, xmm0");
                                                                                                                                                                                                    				if (_t53 < 0) goto 0xb0aa0b61;
                                                                                                                                                                                                    				if (_t85 - 0x1388 >= 0) goto 0xb0aa0b61;
                                                                                                                                                                                                    				_t75 = _t74 - 0xa;
                                                                                                                                                                                                    				asm("mulsd xmm0, xmm2");
                                                                                                                                                                                                    				if (_t75 - 0xa >= 0) goto 0xb0aa0b40;
                                                                                                                                                                                                    				if (0 == 0) goto 0xb0aa0b69;
                                                                                                                                                                                                    				asm("xorpd xmm0, xmm4");
                                                                                                                                                                                                    				_t77 = _t90 + 0x50;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x60)) = 0x25;
                                                                                                                                                                                                    				 *_t77 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t77 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				if ((_t44 & 0x00000020) == 0) goto 0xb0aa0b95;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x61)) = 0x2b;
                                                                                                                                                                                                    				_t69 = _t90 + 0x62;
                                                                                                                                                                                                    				if ((_t44 & 0x00000010) == 0) goto 0xb0aa0ba0;
                                                                                                                                                                                                    				 *_t69 = 0x23;
                                                                                                                                                                                                    				_t70 = _t69 + 1;
                                                                                                                                                                                                    				 *_t70 = 0x2e;
                                                                                                                                                                                                    				_t45 = _t44 & 0x00003000;
                                                                                                                                                                                                    				 *((char*)(_t70 + 1)) = 0x2a;
                                                                                                                                                                                                    				 *((char*)(_t70 + 2)) = 0x4c;
                                                                                                                                                                                                    				if (_t45 != 0x2000) goto 0xb0aa0bbd;
                                                                                                                                                                                                    				goto 0xb0aa0bde;
                                                                                                                                                                                                    				if (_t45 != 0x3000) goto 0xb0aa0bc9;
                                                                                                                                                                                                    				goto 0xb0aa0bde;
                                                                                                                                                                                                    				r8d = 0x65;
                                                                                                                                                                                                    				_t43 =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				 *((char*)(_t70 + 3)) =  ==  ? r8d : 0x67;
                                                                                                                                                                                                    				asm("movsd [esp+0x20], xmm0");
                                                                                                                                                                                                    				 *((char*)(_t70 + 4)) = 0;
                                                                                                                                                                                                    				_t36 = E00007FF67FF6B0AA4828(_t90 + 0x60, __r9);
                                                                                                                                                                                                    				_t95 = __r9;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x48)) = _t36;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x40)) = _t75;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x38)) = _t85 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x30)) = _t87 + 0xa;
                                                                                                                                                                                                    				 *((long long*)(_t90 + 0x28)) = _t90 + 0x70;
                                                                                                                                                                                                    				 *((char*)(_t90 + 0x20)) =  *(_t90 + 0x150) & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA0F40( *(_t90 + 0x150) & 0x000000ff, _t45 - 0x1000, _t75, __rcx, __rdx, _t90 + 0x50, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050( ==  ? r8d : 0x67,  *(_t90 + 0xe0) ^ _t90, __rdx, _t90 + 0x50, _t95);
                                                                                                                                                                                                    			}






















                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: f56427867cc14d5ba6facdcfc3d5dd5fa3c1aaa7c4077d046ccc8f1ad1e565a5
                                                                                                                                                                                                    • Instruction ID: 77309f74c4480b50a15ea486f7c03a28c6ea8746140f1f5b45272fdf7c8f1360
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f56427867cc14d5ba6facdcfc3d5dd5fa3c1aaa7c4077d046ccc8f1ad1e565a5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5514C23A0CB8199E7618B28E4547AAAF95EF96784F248A31DF4D677C6DF3CD045C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                                                                    			E00007FF67FF6B0AA69E4(void* __ecx, void* __edx, long long __rbx, void* __rdx, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t37;
                                                                                                                                                                                                    				signed long long _t41;
                                                                                                                                                                                                    				void* _t55;
                                                                                                                                                                                                    				void* _t56;
                                                                                                                                                                                                    				void* _t60;
                                                                                                                                                                                                    				signed long long _t62;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				if (( *(__rdx + 0x18) & 0x00000040) != 0) goto 0xb0aa6a97;
                                                                                                                                                                                                    				_t62 = E00007FF67FF6B0AB0EB8(_t37, __rdx, __rdx, __rdx, _t55, _t56, _t60);
                                                                                                                                                                                                    				if (r11d == 0xffffffff) goto 0xb0aa6a39;
                                                                                                                                                                                                    				if (r11d == 0xfffffffe) goto 0xb0aa6a39;
                                                                                                                                                                                                    				goto 0xb0aa6a3c;
                                                                                                                                                                                                    				if (( *0x7FF6B0AE09D8 & 0x0000007f) != 0) goto 0xb0aa6a69;
                                                                                                                                                                                                    				if (r11d == 0xffffffff) goto 0xb0aa6a63;
                                                                                                                                                                                                    				if (r11d == 0xfffffffe) goto 0xb0aa6a63;
                                                                                                                                                                                                    				_t41 = _t62 >> 5;
                                                                                                                                                                                                    				if (( *(_t62 * 0x58 +  *((intOrPtr*)(0xb0ae89e0 + _t41 * 8)) + 0x38) & 0x00000080) == 0) goto 0xb0aa6a97;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t41);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *_t41 = 0x16;
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4430(_t41, __rdx, 0xb0ae09a0, _t62 * 0x58 +  *((intOrPtr*)(0xb0ae89e0 + _t41 * 8)), _t55, _t56, 0xb0ae89e0) | 0xffffffff;
                                                                                                                                                                                                    			}











                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_getbuf
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 606515832-2766056989
                                                                                                                                                                                                    • Opcode ID: a4fa89e5b4d4656ba4716eb9c8b861f2449aaef3002945440b091910db96db11
                                                                                                                                                                                                    • Instruction ID: 8ab50f813d68b7cee460ddd028d4c17f13299f4c103fb7afb6a1554ad182b374
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4fa89e5b4d4656ba4716eb9c8b861f2449aaef3002945440b091910db96db11
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE31E573A18B4659EB658E2CD4453382EA0AB50FA8F78EA35CB1D923D7CF7CD851C640
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                                                                    			E00007FF67FF6B0AA6DD4(intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r8, long long _a8, long long _a16) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				signed int _t28;
                                                                                                                                                                                                    				signed long long _t31;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				signed long long _t60;
                                                                                                                                                                                                    				intOrPtr* _t64;
                                                                                                                                                                                                    				signed long long _t72;
                                                                                                                                                                                                    				signed long long _t82;
                                                                                                                                                                                                    				void* _t83;
                                                                                                                                                                                                    				void* _t84;
                                                                                                                                                                                                    				void* _t91;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t88 = __r8;
                                                                                                                                                                                                    				_t77 = __rdx;
                                                                                                                                                                                                    				_t66 = __rcx;
                                                                                                                                                                                                    				_t58 = __rax;
                                                                                                                                                                                                    				_a16 = __rbx;
                                                                                                                                                                                                    				_a8 = __rcx;
                                                                                                                                                                                                    				_t64 = __rcx;
                                                                                                                                                                                                    				if ((0 | __rcx != 0x00000000) != 0) goto 0xb0aa6e1b;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				_v24 = _v24 & _t82;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				_t28 = E00007FF67FF6B0AA4430(__rax, __rcx, __rcx, __rdx, _t83, _t84, __r8);
                                                                                                                                                                                                    				goto 0xb0aa6eed;
                                                                                                                                                                                                    				E00007FF67FF6B0AAB4D0(_t28 | 0xffffffff, _t66);
                                                                                                                                                                                                    				if (( *(_t64 + 0x18) & 0x00000040) != 0) goto 0xb0aa6ec1;
                                                                                                                                                                                                    				_t31 = E00007FF67FF6B0AB0EB8(_t58, _t64, _t64, _t77, _t83, _t84, _t88);
                                                                                                                                                                                                    				if (_t31 == 0xffffffff) goto 0xb0aa6e62;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffe) goto 0xb0aa6e62;
                                                                                                                                                                                                    				goto 0xb0aa6e73;
                                                                                                                                                                                                    				if (( *0x7FF6B0AE09D8 & 0x0000007f) != 0) goto 0xb0aa6e9e;
                                                                                                                                                                                                    				if (_t31 == 0xffffffff) goto 0xb0aa6e98;
                                                                                                                                                                                                    				if (_t31 == 0xfffffffe) goto 0xb0aa6e98;
                                                                                                                                                                                                    				_t72 = _t31;
                                                                                                                                                                                                    				_t60 = _t72 >> 5;
                                                                                                                                                                                                    				if (( *(_t72 * 0x58 +  *((intOrPtr*)(0xb0ae89e0 + _t60 * 8)) + 0x38) & 0x00000080) == 0) goto 0xb0aa6ec1;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(_t60);
                                                                                                                                                                                                    				 *_t60 = 0x16;
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(_t60, _t64, _t72 * 0x58 +  *((intOrPtr*)(0xb0ae89e0 + _t60 * 8)), 0xb0ae09a0, _t83, _t84, 0xb0ae89e0);
                                                                                                                                                                                                    				if (0xffffffff != 0) goto 0xb0aa6ee3;
                                                                                                                                                                                                    				 *((intOrPtr*)(_t64 + 8)) =  *((intOrPtr*)(_t64 + 8)) + 0xffffffff;
                                                                                                                                                                                                    				if (0xffffffff < 0) goto 0xb0aa6ed9;
                                                                                                                                                                                                    				 *_t64 =  *_t64 + 1;
                                                                                                                                                                                                    				goto 0xb0aa6ee3;
                                                                                                                                                                                                    				_t34 = E00007FF67FF6B0AB0468( *_t64 + 1, _t64, _t64, 0xb0ae09a0, _t83, _t84, 0xb0ae89e0, _t91);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB560(_t34, _t64);
                                                                                                                                                                                                    				return _t34;
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x7ff6b0aa6ec3
                                                                                                                                                                                                    0x7ff6b0aa6ec5
                                                                                                                                                                                                    0x7ff6b0aa6ec9
                                                                                                                                                                                                    0x7ff6b0aa6ed4
                                                                                                                                                                                                    0x7ff6b0aa6ed7
                                                                                                                                                                                                    0x7ff6b0aa6edc
                                                                                                                                                                                                    0x7ff6b0aa6ee6
                                                                                                                                                                                                    0x7ff6b0aa6ef7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$DecodePointer
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 2310398763-2766056989
                                                                                                                                                                                                    • Opcode ID: 72ca26e853ff08c01ad7965e478854bad7cf710359f113a4bafd6f72de130865
                                                                                                                                                                                                    • Instruction ID: f10d22739fae6c6136d69ecbe1b4a34bca43a6310e54eff080bc0136dffee951
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72ca26e853ff08c01ad7965e478854bad7cf710359f113a4bafd6f72de130865
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9331E523E1860666EB648A3CD8513796A91AF84F64F746F35DB2EC63D3CF3CE4018600
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                                                    			E00007FF67FF6B0ABB5D4(intOrPtr* __rax, long long __rbx, char* __rcx, void* __rdx, void* __rsi, void* __rbp, void* __r8, void* __r9, long long _a8) {
                                                                                                                                                                                                    				signed long long _v24;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t19;
                                                                                                                                                                                                    				void* _t34;
                                                                                                                                                                                                    				char* _t40;
                                                                                                                                                                                                    				char* _t41;
                                                                                                                                                                                                    				char* _t42;
                                                                                                                                                                                                    				char* _t44;
                                                                                                                                                                                                    				char* _t46;
                                                                                                                                                                                                    				void* _t49;
                                                                                                                                                                                                    				char* _t59;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t49 = __rdx;
                                                                                                                                                                                                    				_t46 = __rcx;
                                                                                                                                                                                                    				_a8 = __rbx;
                                                                                                                                                                                                    				_t59 =  *((intOrPtr*)(__r9 + 0x10));
                                                                                                                                                                                                    				_t44 = __rcx;
                                                                                                                                                                                                    				if (__rcx != 0) goto 0xb0abb612;
                                                                                                                                                                                                    				E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                    				r9d = 0;
                                                                                                                                                                                                    				r8d = 0;
                                                                                                                                                                                                    				 *__rax = 0x16;
                                                                                                                                                                                                    				E00007FF67FF6B0AA4430(__rax, __rcx, __rcx, __rdx, __rsi, __rbp, __r8);
                                                                                                                                                                                                    				goto 0xb0abb6a2;
                                                                                                                                                                                                    				if (_t49 == 0) goto 0xb0abb5ea;
                                                                                                                                                                                                    				 *_t46 = 0;
                                                                                                                                                                                                    				_t16 =  >  ? r8d : 0;
                                                                                                                                                                                                    				_t17 = ( >  ? r8d : 0) + 1;
                                                                                                                                                                                                    				if (_t49 - __rax > 0) goto 0xb0abb638;
                                                                                                                                                                                                    				_t19 = E00007FF67FF6B0AA78AC(__rax);
                                                                                                                                                                                                    				goto 0xb0abb5f4;
                                                                                                                                                                                                    				 *_t46 = 0x30;
                                                                                                                                                                                                    				_t5 = _t46 + 1; // 0x1
                                                                                                                                                                                                    				_t40 = _t5;
                                                                                                                                                                                                    				goto 0xb0abb65d;
                                                                                                                                                                                                    				if ( *_t59 == 0) goto 0xb0abb650;
                                                                                                                                                                                                    				goto 0xb0abb655;
                                                                                                                                                                                                    				 *_t40 = 0x30;
                                                                                                                                                                                                    				_t41 = _t40 + 1;
                                                                                                                                                                                                    				r8d = r8d - 1;
                                                                                                                                                                                                    				_t34 = r8d;
                                                                                                                                                                                                    				if (_t34 > 0) goto 0xb0abb641;
                                                                                                                                                                                                    				 *_t41 = 0;
                                                                                                                                                                                                    				if (_t34 < 0) goto 0xb0abb67c;
                                                                                                                                                                                                    				if ( *((char*)(_t59 + 1)) - 0x35 < 0) goto 0xb0abb67c;
                                                                                                                                                                                                    				goto 0xb0abb672;
                                                                                                                                                                                                    				 *_t41 = 0x30;
                                                                                                                                                                                                    				_t42 = _t41 - 1;
                                                                                                                                                                                                    				if ( *_t42 == 0x39) goto 0xb0abb66f;
                                                                                                                                                                                                    				 *_t42 =  *_t42 + 1;
                                                                                                                                                                                                    				if ( *_t44 != 0x31) goto 0xb0abb687;
                                                                                                                                                                                                    				 *((intOrPtr*)(__r9 + 4)) =  *((intOrPtr*)(__r9 + 4)) + 1;
                                                                                                                                                                                                    				goto 0xb0abb6a0;
                                                                                                                                                                                                    				_t8 = _t44 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF67FF6B0AA70C0(_t19, _t8);
                                                                                                                                                                                                    				_t9 = _t44 + 1; // 0x1
                                                                                                                                                                                                    				_t10 = _t42 + 1; // 0x1
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(0x30,  *_t44 - 0x31, _t44, _t9, _t10);
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno
                                                                                                                                                                                                    • String ID: 1
                                                                                                                                                                                                    • API String ID: 2918714741-2212294583
                                                                                                                                                                                                    • Opcode ID: 9de920149e30724e33a27b75c9f7a44d4c9aef464fb0973900e33d5a7901a343
                                                                                                                                                                                                    • Instruction ID: 9f577c1e1c90f2abea92bde29eb125686ec2a40ca234d91cdf44575d4a1ff44f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9de920149e30724e33a27b75c9f7a44d4c9aef464fb0973900e33d5a7901a343
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5721D323A3C6CAA5FB168A2C8A2437D6F909F45740F588831CB4D863C3DEBDAC00C711
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0630(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t28;
                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				char* _t52;
                                                                                                                                                                                                    				char* _t53;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t47 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v40 = _t47 ^ _t68;
                                                                                                                                                                                                    				_t58 =  &_v136;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t34 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t34 & 0x00000020) == 0) goto 0xb0aa0686;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t52 =  &_v118;
                                                                                                                                                                                                    				if ((_t34 & 0x00000008) == 0) goto 0xb0aa0691;
                                                                                                                                                                                                    				 *_t52 = 0x23;
                                                                                                                                                                                                    				_t53 = _t52 + 1;
                                                                                                                                                                                                    				 *_t53 = 0x49;
                                                                                                                                                                                                    				 *((char*)(_t53 + 1)) = 0x36;
                                                                                                                                                                                                    				_t32 = _t34 & 0x00000e00;
                                                                                                                                                                                                    				 *((char*)(_t53 + 2)) = 0x34;
                                                                                                                                                                                                    				if (_t32 != 0x400) goto 0xb0aa06b0;
                                                                                                                                                                                                    				goto 0xb0aa06c7;
                                                                                                                                                                                                    				if (_t32 == 0x800) goto 0xb0aa06bc;
                                                                                                                                                                                                    				goto 0xb0aa06c7;
                                                                                                                                                                                                    				 *((char*)(_t53 + 3)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t53 + 4)) = 0;
                                                                                                                                                                                                    				_t28 = E00007FF67FF6B0AA4828( &_v120, _a48);
                                                                                                                                                                                                    				_t74 = __r9;
                                                                                                                                                                                                    				_v152 = _t28;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA1B30(0x40, _t32 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_a40 & 0x000000ff, _v40 ^ _t68, __rdx,  &_v136, _t74);
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 199c0298df90e3aed58233d8eadc2c7ef0cc3010c3b583627453f619fa6fd15e
                                                                                                                                                                                                    • Instruction ID: bf08086fc545f574889d2a0c2438d4abb790b69aea211fa48665cfc12aff5310
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 199c0298df90e3aed58233d8eadc2c7ef0cc3010c3b583627453f619fa6fd15e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5531BF5320C7C199EB218B19E4943AABB91EB99B84F688035DBCC43BD6DF6DC509C741
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0740(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				long long _t28;
                                                                                                                                                                                                    				signed int _t32;
                                                                                                                                                                                                    				signed int _t34;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				char* _t52;
                                                                                                                                                                                                    				char* _t53;
                                                                                                                                                                                                    				long long* _t58;
                                                                                                                                                                                                    				signed long long _t68;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t47 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v40 = _t47 ^ _t68;
                                                                                                                                                                                                    				_t58 =  &_v136;
                                                                                                                                                                                                    				 *_t58 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				_t34 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				 *((long long*)(_t58 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t34 & 0x00000020) == 0) goto 0xb0aa0796;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t52 =  &_v118;
                                                                                                                                                                                                    				if ((_t34 & 0x00000008) == 0) goto 0xb0aa07a1;
                                                                                                                                                                                                    				 *_t52 = 0x23;
                                                                                                                                                                                                    				_t53 = _t52 + 1;
                                                                                                                                                                                                    				 *_t53 = 0x49;
                                                                                                                                                                                                    				 *((char*)(_t53 + 1)) = 0x36;
                                                                                                                                                                                                    				_t32 = _t34 & 0x00000e00;
                                                                                                                                                                                                    				 *((char*)(_t53 + 2)) = 0x34;
                                                                                                                                                                                                    				if (_t32 != 0x400) goto 0xb0aa07c0;
                                                                                                                                                                                                    				goto 0xb0aa07d7;
                                                                                                                                                                                                    				if (_t32 == 0x800) goto 0xb0aa07cc;
                                                                                                                                                                                                    				goto 0xb0aa07d7;
                                                                                                                                                                                                    				 *((char*)(_t53 + 3)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t53 + 4)) = 0;
                                                                                                                                                                                                    				_t28 = E00007FF67FF6B0AA4828( &_v120, _a48);
                                                                                                                                                                                                    				_t74 = __r9;
                                                                                                                                                                                                    				_v152 = _t28;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA1B30(0x40, _t32 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_a40 & 0x000000ff, _v40 ^ _t68, __rdx,  &_v136, _t74);
                                                                                                                                                                                                    			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 3bca78181c14e379637e49068abc0e93dd171a5e81286bc63a8eb4f6a4bf3c7a
                                                                                                                                                                                                    • Instruction ID: 861d82276339b443997a30f1b67dcaae90c531111e973b0e6b694e04be7f84e3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3bca78181c14e379637e49068abc0e93dd171a5e81286bc63a8eb4f6a4bf3c7a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C31C11320CBC199E7618B19E4943AABB91EB99B84F688435DB8C43BD6DF7DD409CB01
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0430(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed long long _t45;
                                                                                                                                                                                                    				long long* _t53;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t45 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v40 = _t45 ^ _t66;
                                                                                                                                                                                                    				_t53 =  &_v136;
                                                                                                                                                                                                    				 *_t53 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t53 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t26 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t26 & 0x00000020) == 0) goto 0xb0aa0485;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t61 =  &_v118;
                                                                                                                                                                                                    				if ((_t26 & 0x00000008) == 0) goto 0xb0aa048f;
                                                                                                                                                                                                    				 *_t61 = 0x23;
                                                                                                                                                                                                    				_t62 = _t61 + 1;
                                                                                                                                                                                                    				 *_t62 = 0x6c;
                                                                                                                                                                                                    				_t37 = _t26 & 0x00000e00;
                                                                                                                                                                                                    				if (_t37 != 0x400) goto 0xb0aa04a6;
                                                                                                                                                                                                    				goto 0xb0aa04bb;
                                                                                                                                                                                                    				if (_t37 == 0x800) goto 0xb0aa04b2;
                                                                                                                                                                                                    				goto 0xb0aa04bb;
                                                                                                                                                                                                    				r9d = _a48;
                                                                                                                                                                                                    				 *((char*)(_t62 + 1)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t62 + 2)) = 0;
                                                                                                                                                                                                    				_t33 = E00007FF67FF6B0AA4828( &_v120, __r9);
                                                                                                                                                                                                    				_t71 = __r9;
                                                                                                                                                                                                    				_v152 = _t33;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA1B30(0x40, _t37 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_a40 & 0x000000ff, _v40 ^ _t66, __rdx,  &_v136, _t71);
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: d3730cdb89768898581950ed3844910f35159086da06fdda1a3db010544c9348
                                                                                                                                                                                                    • Instruction ID: 2c01fdb6b09ceec69cf4a3593251329a6f3edc5c755e1bd6c611c19223830578
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3730cdb89768898581950ed3844910f35159086da06fdda1a3db010544c9348
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1321DD636087C096EB21CB18E4507AABB60FB99784F644035EBCC83B8ADF2CC049CB41
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                                                    			E00007FF67FF6B0AA0530(void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48) {
                                                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                                                    				char _v104;
                                                                                                                                                                                                    				char _v118;
                                                                                                                                                                                                    				char _v119;
                                                                                                                                                                                                    				char _v120;
                                                                                                                                                                                                    				char _v136;
                                                                                                                                                                                                    				long long _v152;
                                                                                                                                                                                                    				long long _v160;
                                                                                                                                                                                                    				char _v168;
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                                                    				long long _t33;
                                                                                                                                                                                                    				signed int _t37;
                                                                                                                                                                                                    				signed long long _t45;
                                                                                                                                                                                                    				long long* _t53;
                                                                                                                                                                                                    				char* _t61;
                                                                                                                                                                                                    				char* _t62;
                                                                                                                                                                                                    				signed long long _t66;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t45 =  *0xb0ae0430; // 0x449f37dbf1f
                                                                                                                                                                                                    				_v40 = _t45 ^ _t66;
                                                                                                                                                                                                    				_t53 =  &_v136;
                                                                                                                                                                                                    				 *_t53 =  *((intOrPtr*)(__r8));
                                                                                                                                                                                                    				 *((long long*)(_t53 + 8)) =  *((intOrPtr*)(__r8 + 8));
                                                                                                                                                                                                    				_t26 =  *(__r9 + 0x18);
                                                                                                                                                                                                    				_v120 = 0x25;
                                                                                                                                                                                                    				if ((_t26 & 0x00000020) == 0) goto 0xb0aa0585;
                                                                                                                                                                                                    				_v119 = 0x2b;
                                                                                                                                                                                                    				_t61 =  &_v118;
                                                                                                                                                                                                    				if ((_t26 & 0x00000008) == 0) goto 0xb0aa058f;
                                                                                                                                                                                                    				 *_t61 = 0x23;
                                                                                                                                                                                                    				_t62 = _t61 + 1;
                                                                                                                                                                                                    				 *_t62 = 0x6c;
                                                                                                                                                                                                    				_t37 = _t26 & 0x00000e00;
                                                                                                                                                                                                    				if (_t37 != 0x400) goto 0xb0aa05a6;
                                                                                                                                                                                                    				goto 0xb0aa05bb;
                                                                                                                                                                                                    				if (_t37 == 0x800) goto 0xb0aa05b2;
                                                                                                                                                                                                    				goto 0xb0aa05bb;
                                                                                                                                                                                                    				r9d = _a48;
                                                                                                                                                                                                    				 *((char*)(_t62 + 1)) = 0x78;
                                                                                                                                                                                                    				 *((char*)(_t62 + 2)) = 0;
                                                                                                                                                                                                    				_t33 = E00007FF67FF6B0AA4828( &_v120, __r9);
                                                                                                                                                                                                    				_t71 = __r9;
                                                                                                                                                                                                    				_v152 = _t33;
                                                                                                                                                                                                    				_v160 =  &_v104;
                                                                                                                                                                                                    				_v168 = _a40 & 0x000000ff;
                                                                                                                                                                                                    				E00007FF67FF6B0AA1B30(0x40, _t37 - 0x800, __rdx, __rcx, __rdx,  &_v136, __r9);
                                                                                                                                                                                                    				return E00007FF67FF6B0AA4050(_a40 & 0x000000ff, _v40 ^ _t66, __rdx,  &_v136, _t71);
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: swprintf
                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                    • API String ID: 233258989-2626897407
                                                                                                                                                                                                    • Opcode ID: 1df7e744390f40849ec1a5d9bdad50f2f4d21f9ca7a496e96129a9086ee3ae5b
                                                                                                                                                                                                    • Instruction ID: d042e989be84ea307fd2abb9f32ddac47cacbf1d7ca5fd849acc299f2d7097a2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1df7e744390f40849ec1a5d9bdad50f2f4d21f9ca7a496e96129a9086ee3ae5b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B721D16360C7C595EB218B18E4507AABB60EB99784F648035EBCC93BCADF6CD049CB51
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                                                    			E00007FF67FF6B0ACC547(void* __ecx, void* __rax, void* __rdx) {
                                                                                                                                                                                                    				void* __rbx;
                                                                                                                                                                                                    				void* _t14;
                                                                                                                                                                                                    				void* _t17;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t28;
                                                                                                                                                                                                    				intOrPtr* _t29;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t27 = __rax;
                                                                                                                                                                                                    				_t18 = __ecx;
                                                                                                                                                                                                    				_t36 = __rdx;
                                                                                                                                                                                                    				E00007FF67FF6B0AA771C(__rax, _t28,  *((intOrPtr*)(__rdx + 0x50)));
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rdx + 0x20)) != 0) goto 0xb0acc5a7;
                                                                                                                                                                                                    				_t29 =  *((intOrPtr*)(__rdx + 0xd8));
                                                                                                                                                                                                    				if ( *_t29 != 0xe06d7363) goto 0xb0acc5a7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x18)) != 4) goto 0xb0acc5a7;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) == 0x19930520) goto 0xb0acc590;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) == 0x19930521) goto 0xb0acc590;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t29 + 0x20)) != 0x19930522) goto 0xb0acc5a7;
                                                                                                                                                                                                    				_t14 = E00007FF67FF6B0AA76E8(__rax,  *((intOrPtr*)(_t29 + 0x28)));
                                                                                                                                                                                                    				_t26 = _t14;
                                                                                                                                                                                                    				if (_t14 == 0) goto 0xb0acc5a7;
                                                                                                                                                                                                    				E00007FF67FF6B0AA93E4(1, _t29);
                                                                                                                                                                                                    				E00007FF67FF6B0AAB93C(__ecx, _t14, _t27);
                                                                                                                                                                                                    				 *((long long*)(_t27 + 0xf0)) =  *((intOrPtr*)(_t36 + 0xe0));
                                                                                                                                                                                                    				_t17 = E00007FF67FF6B0AAB93C(_t18, _t26, _t27);
                                                                                                                                                                                                    				 *((long long*)(_t27 + 0xf8)) =  *((intOrPtr*)(_t36 + 0xe8));
                                                                                                                                                                                                    				return _t17;
                                                                                                                                                                                                    			}











                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
• Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 3186804695-1018135373
                                                                                                                                                                                                    • Opcode ID: 97aebfb5d78ca228d74b9f39178d7e69d976561db45659c44281a7df79628fe9
                                                                                                                                                                                                    • Instruction ID: 1649026935d9047ff654eeab7642b77c2f5467ebaf64f18e59f6e858e5a79486
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97aebfb5d78ca228d74b9f39178d7e69d976561db45659c44281a7df79628fe9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 750140639446469DDB709F2A8C402BC2764EF98B99F594935DB4D8A787DF28E481C301
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                                                                    			E00007FF67FF6B0AB31E8(void* __ecx, void* __ebp, signed int* __rbx, long long __rcx, signed int __rsi) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				signed int _t39;
                                                                                                                                                                                                    				signed int _t40;
                                                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                                                    				char _t44;
                                                                                                                                                                                                    				char _t45;
                                                                                                                                                                                                    				char _t46;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                                                    				void* _t65;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				signed int* _t75;
                                                                                                                                                                                                    				signed int _t76;
                                                                                                                                                                                                    				signed int _t77;
                                                                                                                                                                                                    				signed int _t78;
                                                                                                                                                                                                    				signed int* _t80;
                                                                                                                                                                                                    				char* _t100;
                                                                                                                                                                                                    				char* _t101;
                                                                                                                                                                                                    				void* _t102;
                                                                                                                                                                                                    				long long _t105;
                                                                                                                                                                                                    				signed int _t107;
                                                                                                                                                                                                    				signed int* _t109;
                                                                                                                                                                                                    				signed int* _t111;
                                                                                                                                                                                                    				void* _t112;
                                                                                                                                                                                                    				char* _t115;
                                                                                                                                                                                                    				void* _t118;
                                                                                                                                                                                                    				void* _t120;
                                                                                                                                                                                                    				signed int* _t123;
                                                                                                                                                                                                    				void* _t125;
                                                                                                                                                                                                    				signed int* _t127;
                                                                                                                                                                                                    				void* _t129;
                                                                                                                                                                                                    				signed int* _t130;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t80 = __rbx;
                                                                                                                                                                                                    				_t52 = __ecx;
                                                                                                                                                                                                    				_t75 = _t111;
                                                                                                                                                                                                    				_t75[2] = __rbx;
                                                                                                                                                                                                    				_t75[4] = _t107;
                                                                                                                                                                                                    				_t75[6] = __rsi;
                                                                                                                                                                                                    				_t112 = _t111 - 0x40;
                                                                                                                                                                                                    				_t105 = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t75 - 0x38)) = __rcx;
                                                                                                                                                                                                    				 *((long long*)(_t75 - 0x30)) = __rbx;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x1c)) != 0) goto 0xb0ab322d;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(__rcx + 0x18)) != 0) goto 0xb0ab322d;
                                                                                                                                                                                                    				goto 0xb0ab3385;
                                                                                                                                                                                                    				_t8 = _t102 - 0x57; // 0x1
                                                                                                                                                                                                    				r12d = _t8;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA5E0(__rbx, _t118, _t102, _t102, __rcx, 0xb0ae01a0, _t129, _t125);
                                                                                                                                                                                                    				_t109 = _t75;
                                                                                                                                                                                                    				if (_t75 != _t80) goto 0xb0ab3251;
                                                                                                                                                                                                    				goto 0xb0ab33d6;
                                                                                                                                                                                                    				E00007FF67FF6B0AAAE90(_t52, _t75 - _t80, _t75,  *(_t105 + 0x128), _t102);
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t75, _t80, _t102, _t105, _t109);
                                                                                                                                                                                                    				_t127 = _t75;
                                                                                                                                                                                                    				if (_t75 != _t80) goto 0xb0ab3282;
                                                                                                                                                                                                    				free(_t120);
                                                                                                                                                                                                    				goto 0xb0ab3249;
                                                                                                                                                                                                    				 *_t75 = 0;
                                                                                                                                                                                                    				if ( *((intOrPtr*)(_t105 + 0x1c)) == 0) goto 0xb0ab3355;
                                                                                                                                                                                                    				E00007FF67FF6B0AAA574(__ebp, _t75, _t80, _t102, _t105, _t109);
                                                                                                                                                                                                    				_t65 = _t75 - _t80;
                                                                                                                                                                                                    				if (_t65 == 0) goto 0xb0ab3310;
                                                                                                                                                                                                    				 *_t75 = 0;
                                                                                                                                                                                                    				_t58 =  *(_t105 + 0x3e) & 0x0000ffff;
                                                                                                                                                                                                    				r9d = 0xe;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t109;
                                                                                                                                                                                                    				_t39 = E00007FF67FF6B0AAFB68(0, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				_t14 =  &(_t109[2]); // 0x8
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t14;
                                                                                                                                                                                                    				r9d = 0xf;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				_t40 = E00007FF67FF6B0AAFB68(_t39, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				_t17 =  &(_t109[4]); // 0x10
                                                                                                                                                                                                    				_t130 = _t17;
                                                                                                                                                                                                    				r9d = 0x10;
                                                                                                                                                                                                    				r8d = _t58;
                                                                                                                                                                                                    				 *(_t112 + 0x20) = _t130;
                                                                                                                                                                                                    				_t41 = E00007FF67FF6B0AAFB68(_t39 | _t40, r12d, _t80, _t112 + 0x30, _t102);
                                                                                                                                                                                                    				if (_t65 == 0) goto 0xb0ab3320;
                                                                                                                                                                                                    				E00007FF67FF6B0AB31A0(_t41 | _t39 | _t40, _t109);
                                                                                                                                                                                                    				r12d = r12d | 0xffffffff;
                                                                                                                                                                                                    				free(_t118);
                                                                                                                                                                                                    				goto 0xb0ab327b;
                                                                                                                                                                                                    				_t100 =  *_t130;
                                                                                                                                                                                                    				goto 0xb0ab3338;
                                                                                                                                                                                                    				_t44 =  *_t100;
                                                                                                                                                                                                    				if (_t44 - 0x30 < 0) goto 0xb0ab333e;
                                                                                                                                                                                                    				if (_t44 - 0x39 > 0) goto 0xb0ab333e;
                                                                                                                                                                                                    				_t45 = _t44 - 0x30;
                                                                                                                                                                                                    				 *_t100 = _t45;
                                                                                                                                                                                                    				_t101 = _t100 + _t118;
                                                                                                                                                                                                    				if ( *_t101 != 0) goto 0xb0ab3327;
                                                                                                                                                                                                    				goto 0xb0ab3379;
                                                                                                                                                                                                    				if (_t45 != 0x3b) goto 0xb0ab3335;
                                                                                                                                                                                                    				_t115 = _t101;
                                                                                                                                                                                                    				_t46 =  *((intOrPtr*)(_t115 + 1));
                                                                                                                                                                                                    				 *_t115 = _t46;
                                                                                                                                                                                                    				if (_t46 != 0) goto 0xb0ab3345;
                                                                                                                                                                                                    				goto 0xb0ab3338;
                                                                                                                                                                                                    				_t76 =  *0xb0ae01a0; // 0x7ff6b0ae0190
                                                                                                                                                                                                    				_t123 = _t80;
                                                                                                                                                                                                    				 *_t109 = _t76;
                                                                                                                                                                                                    				_t77 =  *0xb0ae01a8; // 0x7ff6b0ae3064
                                                                                                                                                                                                    				_t109[2] = _t77;
                                                                                                                                                                                                    				_t78 =  *0xb0ae01b0; // 0x7ff6b0ae3064
                                                                                                                                                                                                    				_t109[4] = _t78;
                                                                                                                                                                                                    				 *_t127 = r12d;
                                                                                                                                                                                                    				if (_t123 == _t80) goto 0xb0ab3385;
                                                                                                                                                                                                    				 *_t123 = r12d;
                                                                                                                                                                                                    				if ( *(_t105 + 0x118) == _t80) goto 0xb0ab3395;
                                                                                                                                                                                                    				asm("lock add dword [eax], 0xffffffff");
                                                                                                                                                                                                    				_t73 =  *(_t105 + 0x110) - _t80;
                                                                                                                                                                                                    				if (_t73 == 0) goto 0xb0ab33bf;
                                                                                                                                                                                                    				asm("lock add dword [ecx], 0xffffffff");
                                                                                                                                                                                                    				if (_t73 != 0) goto 0xb0ab33bf;
                                                                                                                                                                                                    				free(_t102);
                                                                                                                                                                                                    				free(??);
                                                                                                                                                                                                    				 *(_t105 + 0x118) = _t123;
                                                                                                                                                                                                    				 *(_t105 + 0x110) = _t127;
                                                                                                                                                                                                    				 *(_t105 + 0x128) = _t109;
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    			}



































                                                                                                                                                                                                    0x7ff6b0ab33ae
                                                                                                                                                                                                    0x7ff6b0ab33ba
                                                                                                                                                                                                    0x7ff6b0ab33bf
                                                                                                                                                                                                    0x7ff6b0ab33c6
                                                                                                                                                                                                    0x7ff6b0ab33cd
                                                                                                                                                                                                    0x7ff6b0ab33f3

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000012.00000002.702858987.00007FF6B0A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6B0A90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000012.00000002.702849678.00007FF6B0A90000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.702965577.00007FF6B0AD0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703013280.00007FF6B0AE0000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703040476.00007FF6B0AEA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    • Associated: 00000012.00000002.703055652.00007FF6B0AEF000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff6b0a90000_EsgInstallerDelay__1.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: 8821a1df296688c370d858aa2f429f45ff0a23e2406f815d5f3f7c622645e2ca
                                                                                                                                                                                                    • Instruction ID: dd721fe1efb312d27b29d33ba10560e3ce444abd0350fc80986c9db382a44826
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8821a1df296688c370d858aa2f429f45ff0a23e2406f815d5f3f7c622645e2ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C51A733A09685A6EB60AF59E4401BE7BA4FB54B80F544935DB9D8B782CF3CE542C340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%